Every day at Perspecta, we enable hundreds of thousands of people to take on our nation's most important work. We're a company founded on a diverse set of capabilities and skills, bound together by a single promise: we never stop solving our nation's most complex challenges. Our team of engineers, analysts, developers, investigators, integrators and architects work tirelessly to create innovative solutions. We continually push ourselvesto respond, to adapt, to go further. To look ahead to the changing landscape and develop new and innovative ways to serve our customers. Perspecta works with U.S. government customers in defense, intelligence, civilian, health care, and state and local markets. Our high-caliber employees are rewarded in many waysnot only through competitive salaries and benefits packages, but the opportunity to create a meaningful impact in jobs and on projects that matter. Perspecta's talented and robust workforce14,000 strongstands ready to welcome you to the team. Let's make an impact together.
Perspecta has an immediate need for an Information Systems Security Engineer/ISSR in Washington, D.C.
Position Title: Information Systems Security Engineer / ISSR - Top Secret Clearance
Our task order provides on-site technical and administrative Security Assessment and Authorization (A&A) and Continuous Monitoring (CM) support for the client enterprise wide. The Cloud Information Systems Security Engineer (ISSE) implements security engineering principles to review security requirements, verify implementation, and provide mitigation recommendations throughout the cloud life cycle to facilitate secure systems for A&A and Continuous Monitoring support. The ISSE/ISSR responsibilities include, but are not limited to:
Serving as the Information Assurance Section cloud subject matter expert for the A&A and Continuous Monitoring processes
Providing security requirements analysis of cloud architectures and designs
Identifying technical gaps and providing solution recommendations for cloud services acquisition, development, migration, implementation, and monitoring
Explaining cloud security controls/requirements and guidance to the System Owners and System Teams and recommending implementation strategies
Identifying cloud vulnerabilities and recommending mitigation alternatives for POA&M items
Reviewing cloud security test results to identify weaknesses, technical flaws, and vulnerabilities
Reviewing cloud SLAs for compliance to requirements
Recommending technical process improvements for the A&A process.
Project management experience
Excellent communication both written and verbal skills
Experience working with a Quality Assurance team
Experience working with a Project Management Office
Ten years IA and InfoSec experience; which includes developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability scanning, and/or vulnerability management plans
Five years security engineering experience; which includes systems engineering principles, requirements analysis, system development (software and hardware); network security architecture concepts (topology, protocols, components); and/or IT security principles and methods (firewalls, demilitarized zones, encryption)
Two years cloud experience; which includes cloud security design, requirements analysis, control implementation, mitigation, and FedRAMP, as well as experience with common service providers, such as AWS, Azure, and/or Salesforce
Experience with FISMA and RMF/A&A processes
Experience with NIST SP (800-27, 30, 37, 53, 60, 137, 144, 145), FIPS (199, 200), CNSSI 1253 experience
Experience with STIG and SCAP
Understanding of the System Development Lifecycle
Understanding of network access, identity and access management
Strong analytical, communication, problem solving and leadership skills
Ability to perform in a fast paced environment with frequent change
CISSP and CISM or GSLC; or ability to obtain CISM or GSLC within 6 months of hire
Active Top Secret clearance, periodic review (PR) performed within the past three years, SCI eligibility.
Subject to credit check
Government consulting experience
CISSP-ISSEP, CCSP, GCIA, CEH, GPEN, OSCP or other related certifications
Knowledge of CSA guidance
Experience with VMware
Experience with cloud automation tools and scripting (Python, Java, Chef, Puppet, and/or Ansible)
Bachelor's or Master's degree in a related field.