What are the responsibilities and job description for the Cyber Security Project Engineer TS/SCI Clearance with FSP REQUIRED position at MorphGroup?
Description:
MUST BE US CITIZEN
MUST POSSESS ACTIVE TS/SCI with FSP - candidates without required clearances cannot be considered
TMG is the proud recipient of the Employer Support of Guard and Reservists by the SECDEF.
TMG is an Equal Opportunity Employer
US Veterans Preferred
Location: McLean, VA
The Sponsor requires Cyber Security engineering support to lead the technical efforts needed to manage IT applications and systems through the Sponsor’s IT Security Assessment and Authorization (A&A) process. The Sponsor needs polished skills in subject matter expert knowledge on security documentation, drafting and reviewing controls, and scanning of IT systems to determine security posture, and provide support to the tenants as determined by the Sponsor within the Sponsor’s site and exterior facilities as needed.
Work Requirement:
The Contractor shall document all identified system risks, planned test procedures taken, and test results. The Contractor shall perform analyses of vulnerabilities identified during testing. The Contractor shall review program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.). The Contractor shall recommend changes to program-level documentation with an eye to reducing system vulnerabilities.
The Contractor shall work closely with the Sponsor’s security teams as well as the engineering team; however the Sponsor’s staff management will manage the priorities. The Contractor shall create and review systems documentation, controls, body of evidence and provide feedback on completeness and compliance of its contents on systems being monitored and tracked using security tools to include but not limited to XACTA, and ServiceNow. The Contractor shall read and analyze System Security Plans (SSP) and other system. documentation to develop an understanding of the system and applications. The Contractor shall assist engineers and Information System Owners in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions. The Contractor shall maintain a document repository using the security tool to include but not limited to XACTA, ServiceNow. The Contractor shall utilize COTS and GOTS applications to include but not limited to Nessus, Rapid 7, WebInspect, and AppDetective to review, monitor and track system environments to identify vulnerabilities, non-compliance with established information assurance standards and regulations, and recommend mitigation strategies. The Contractor shall work closely with system stakeholders to identify the appropriate task required to complete the A&A approval process. The Contractor shall audit the systems logs using tool to include but not limited to Splunk. The Contractor shall assemble and submit A&A packages in a timely manner. The Contractor shall utilize Confluence to share documents, schedules, etc. The Contractor shall utilize JIRA and Oracle Primavera P6 to document work task and hours worked.
Mandatory Skills:
**All mandatory skills must be reflected with proposed candidate's experience to be submitted for consideration**
1. Demonstrated experience acting independently when making security and A&A technical and business judgments.
2. Demonstrated experience managing and shepherding IT applications and systems through the Intelligence Community Directive 503 Risk Management Framework (ICD 503 RMF) following the Sponsor’s A&A process.
3. Demonstrated experience using technical A&A and analytical skills to assist customers with the lifecycle A&A process.
4. Demonstrated experience providing oversight for pre-assessments of the severity of weaknesses or deficiencies discovered in designated information systems and their environments of operation, and recommend corrective actions to address identified vulnerabilities.
5. Demonstrated experience auditing operational systems.
6. Demonstrated experience developing and updating system security documents.
7. Demonstrated experience managing and controlling changes to systems, and assessing the security impact of those changes.
8. Demonstrated experience providing forensic support for root-cause determination of security related issues.
9. Demonstrated experience mentoring and training others in security matters.
10. Demonstrated experience conducting face-to-face stakeholder engagements in support of the A&A efforts i.e., engineers, mission partners, etc.
11. Demonstrated experience monitoring logs using an auditing tool such as Splunk.
12. Have at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information System Security Engineer Professional (ISSEP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
Optional Skills
1. Demonstrated experience and understanding of system administration for windows and Linux systems.
MUST BE US CITIZEN
MUST POSSESS ACTIVE TS/SCI with FSP - candidates without required clearances cannot be considered
TMG is the proud recipient of the Employer Support of Guard and Reservists by the SECDEF.
TMG is an Equal Opportunity Employer
US Veterans Preferred
Location: McLean, VA
The Sponsor requires Cyber Security engineering support to lead the technical efforts needed to manage IT applications and systems through the Sponsor’s IT Security Assessment and Authorization (A&A) process. The Sponsor needs polished skills in subject matter expert knowledge on security documentation, drafting and reviewing controls, and scanning of IT systems to determine security posture, and provide support to the tenants as determined by the Sponsor within the Sponsor’s site and exterior facilities as needed.
Work Requirement:
The Contractor shall document all identified system risks, planned test procedures taken, and test results. The Contractor shall perform analyses of vulnerabilities identified during testing. The Contractor shall review program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.). The Contractor shall recommend changes to program-level documentation with an eye to reducing system vulnerabilities.
The Contractor shall work closely with the Sponsor’s security teams as well as the engineering team; however the Sponsor’s staff management will manage the priorities. The Contractor shall create and review systems documentation, controls, body of evidence and provide feedback on completeness and compliance of its contents on systems being monitored and tracked using security tools to include but not limited to XACTA, and ServiceNow. The Contractor shall read and analyze System Security Plans (SSP) and other system. documentation to develop an understanding of the system and applications. The Contractor shall assist engineers and Information System Owners in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions. The Contractor shall maintain a document repository using the security tool to include but not limited to XACTA, ServiceNow. The Contractor shall utilize COTS and GOTS applications to include but not limited to Nessus, Rapid 7, WebInspect, and AppDetective to review, monitor and track system environments to identify vulnerabilities, non-compliance with established information assurance standards and regulations, and recommend mitigation strategies. The Contractor shall work closely with system stakeholders to identify the appropriate task required to complete the A&A approval process. The Contractor shall audit the systems logs using tool to include but not limited to Splunk. The Contractor shall assemble and submit A&A packages in a timely manner. The Contractor shall utilize Confluence to share documents, schedules, etc. The Contractor shall utilize JIRA and Oracle Primavera P6 to document work task and hours worked.
Mandatory Skills:
**All mandatory skills must be reflected with proposed candidate's experience to be submitted for consideration**
1. Demonstrated experience acting independently when making security and A&A technical and business judgments.
2. Demonstrated experience managing and shepherding IT applications and systems through the Intelligence Community Directive 503 Risk Management Framework (ICD 503 RMF) following the Sponsor’s A&A process.
3. Demonstrated experience using technical A&A and analytical skills to assist customers with the lifecycle A&A process.
4. Demonstrated experience providing oversight for pre-assessments of the severity of weaknesses or deficiencies discovered in designated information systems and their environments of operation, and recommend corrective actions to address identified vulnerabilities.
5. Demonstrated experience auditing operational systems.
6. Demonstrated experience developing and updating system security documents.
7. Demonstrated experience managing and controlling changes to systems, and assessing the security impact of those changes.
8. Demonstrated experience providing forensic support for root-cause determination of security related issues.
9. Demonstrated experience mentoring and training others in security matters.
10. Demonstrated experience conducting face-to-face stakeholder engagements in support of the A&A efforts i.e., engineers, mission partners, etc.
11. Demonstrated experience monitoring logs using an auditing tool such as Splunk.
12. Have at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information System Security Engineer Professional (ISSEP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
Optional Skills
1. Demonstrated experience and understanding of system administration for windows and Linux systems.
