The Senior IASE will be responsible for:
Design, development, integration, testing, implementation, deployment and operations amp; maintenance (O amp;M) of tools for the automation of security testing in support of C amp;A/A amp;A.
Architectural design, integration, installation, configuration, testing, and administration of systems and capabilities to support the scanning, monitoring, and reporting of Information Assurance Vulnerability Alerts (IAVA)/Intelligence Community Vulnerability Alerts (ICVA) for the Naval Intelligence (NAVINTEL) Community.
Integration, installation, configuration, testing, administration of C amp;A Management tools and capabilities to implement A amp;A business processes, workflow, ICD-503, NIST 800-53 security controls mappings, and FISMA reporting.
Integrating and testing new features and functions within the A amp;A Management solution. This includes, but may not be limited to, DoD 8500.2, and NIST 800-53 Security Controls mappings; implementing updates business processes, workflow, and templates; and direct support to Fleet customers.
System administration and O amp;M support for the A amp;A Management capability.
Performing security assessments; design reviews; and providing guidance on new technologies for Fleet customers. New technologies may include, but are not limited to, Cloud technologies, Cross Domain Solutions, Hardware, Operating System, Web technologies; and Databases.
Providing Security Engineering, on an as needed basis, to support to the Security Controls Assessors (SCAs) and Validators for A amp;A and C amp;A efforts, respectively.
Design, development, integration, testing, documentation, system administration, ISSO responsibilities, and O amp;M for systems that support hidden/malicious file content analysis and reporting; Reliable Human Review (RHR) workflow functionality, enforcement, and audit; and cross-domain transfers. In depth understanding of hidden data threats associated with complex and proprietary file types such as MS Office Word, PowerPoint, Excel and PDFs.
Active TS/SCI clearance
Candidate must meet DoD 8570.1M requirements and possess a CISSP certification.
BS in CS, IT, Cyber Security, Information Assurance or a related field
8+ years of Security Engineering experience with DIACAP, DCID 6/3, ICD-503, and/or NIST Risk Management Framework
Experience in system/software design, development, integration, testing, system administration, O amp;M.
Experience implementing and executing software and security engineering practices in the SDLC process.
Experience with DoD, DISA, FLTCYBERCOM, DoDIIS, and IC tools, systems, reporting mechanisms and requirements for C amp;A.
Experience and education in information assurance, e.g., accreditation security testing and evaluation.
Technical knowledge of the DoD, IC, and national level system security initiatives and Secure Information/LAN/WAN/Cloud Technologies/Cross, Domain Solutions (CDSs) technologies
Knowledge of development in an Oracle Solaris or Red Hat Enterprise Linux
Experience designing, developing and using host based and network based scanning tools.
Experience with SCAP based tools and specifications.
Experience in OS hardening; securing systems/software IAW IC, DoD, and industry best practices; development of security controls, testing methodologies, and procedures for systems, cloud based architectures and CDSs. (RHEL) environment.
Experience developing in a MS Windows 2012R2 or Windows 10
Knowledge of OpenOffice or LibreOffice integration or development
MS in CS or IT with IA
Project Management experience.
Active ISSEP certification