ASRC Federal Seeks a Senior level Information System Security Engineer - This functional area provides specific guidance on what information security policies, standards, guidelines and procedures are, the differences between each and how they fit together to form an information security policy framework. This framework will then be used to develop a comprehensive IT Security Plan for NASA flight and non-flight projects.
Individual will be engaging and interfacing with multiple flight and non-flight project teams, participating in project reviews from a cybersecurity perspective, and MUST have excellent demonstrated customer service, oral, written, and presentation skillsets.
Perform analysis of IT security for flight and non-flight project systems, data, network, and security systems.
Participates as the Cybersecurity Subject Matter Expert throughout the Project Management and System Development Lifecycle (SDLC) to ensure the development of secure network and systems architectures by the various mission projects at NASA.
Applicant should have a good Internet Protocol networking, Systems Administration, and Information Systems Security Officer (ISSO) background in order to understand and apply the necessary security requirements and needs of the customer and associated mission projects.
Knowledge and experience deploying and applying appropriate security control configurations/mitigations, and administering various Operating Systems to include Linux, Windows, MacOSX in standalone, client/server, and cloud-based environments (private, hybrid and commercial).
The successful candidate will have strong understanding of applying security measures for an enterprise environment with a multitude of information security technologies and be able to provide, from a security prospective, necessary technical oversight, security design and engineering, and expert advice from initial phases of projects and continue throughout the project lifecycle.
Must be well versed with federal cybersecurity standards including but not limited to NIST, FIPS and NASA Security standards and policies to assist Information System Owners (ISOs), Information System Security Officers/Engineers (ISSOs/ISSEs) in providing proper controls and documentation to receive Authority to Operate (ATO) from NASA Authorizing Officials (AOs).
Good demonstrated understanding of the NIST Risk Management Framework, including the NIST Special Publication (SP) series and other documents (i.e., recent revisions of SP 800-53, FIPS-199/200, NIST Cybersecurity Framework) to tailor and implement security controls for mission projects and provide appropriate and correct documentation for authorization approvals.
Must be able to identify and apply security policies, mitigation and remediation strategies, and engineered security solutions beginning in the design and development phases through post implementation and assessment phases of project(s).
Provide Cybersecurity expertise and identify where internal and external controls are necessary and exercising and implementing those controls. Key is the ability to address and apply security controls in real world scenarios and offer mitigating solutions to found weaknesses in related control areas.
Additional Areas that would be a plus:
Threat management development, information dissemination and coordination of available cybersecurity threat information experience.
Experience writing technical system documentation
Experience on Flight Mission programs/projects, including knowledge of and implementation of security requirements following NASA Program Management Directives (NPDs) such as NPDs 7120.5 and 7120.7.
ISSO Experience at NASA.
Experience with security control assessments -- developing Security Assessment Reports for clients.
System administration of security infrastructure and endpoint solutions.
ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
BS degree or equivalent experience in IT, computer science and other cyber security related fields.
Security-related certifications such as CISSO, CISSP, CEH, CISA, CCSP, CISM.
Prior experience as an Information System Security Officer (ISSO).
Applicant MUST have ability to apply Security during Software implementation and designing:
applications and tools.
early in projects.
Customer relationship management is a must! Applicant must be able to respond to varying levels of customers with professionalism and positivity.
Provide great communication skills to all types of audiences, including advising key stakeholders and senior NASA management. Ability to communicate ideas and solutions both in writing and orally to team members and customers to provide overall assessments of the security posture of NASA mission projects.
Ability to lead discussions of project tasks activities, forums of small to large audiences, including multi-center participation.
Must be proactive and quick to respond to customer requests.
Be able to comfortably shift to other functional areas of need as required by customer.
Strong organizational skills, both analytical and problem solving, and the ability to work with sensitive information.
15 years of IT Security experience.
Occasional travel may be required.
Must have a current Secret security clearance and be able to obtain/maintain a Top Secret clearance; current Top Secret clearance highly desired.