Information System Security Engineer (IT IC Level 4)*
Company: Odyssey Systems Consulting Group, Ltd.
Posted on: February 23, 2021
If you are a job seeker with a disability and require a
reasonable accommodation to apply for one of our jobs, you will
find the contact information to request the appropriate
accommodation by visiting the following page: Information System
Security Engineer (IT IC Level 4)* National Laboratory
Lexington, MA 02421, USA
The Security Services Department's overall mission is to ensure a
safe and secure environment and protect the client at all
facilities in which staff members perform their mission of research
and development. To accomplish this mission, this department
formulates and implements policies, plans, and actions designed to
protect facilities against threats of vandalism, accidental
destruction, and sabotage; and safeguards personnel, classified and
unclassified information systems, personal identifiable
information, property, and other assets from exploitation and
recruitment by foreign intelligence agencies. RESPONSIBILITIES AND
The Information Systems Security Engineer (ISSE) - IT IC Level 4
(Special Programs) designs, develops, tests, and evaluates
information system security throughout the systems development life
cycle for the individual programs at the client's site.
The successful candidate will work independently and as a team
member, must be a quick learner, self-motivated, reliable, and able
to balance multiple tasks simultaneously. Candidate must have
strong interpersonal skills and be able to manage stress in a
professional manner. Knowledge of installation, integration, and
optimization of system components. Ability to apply secure system
design tools, methods, and techniques. Ability to apply system
design tools, methods, and techniques, including automated systems
analysis and design tools. Skill in developing and applying
security system access controls.
Candidate must have the ability to apply network security
architecture concepts including topology, protocols, components,
and principles (e.g., application of defense-in-depth). Skill in
designing security controls based on cybersecurity principles and
tenets. Experience in forensics and cyber incident response
handling and reporting.
Candidate must be knowledgeable in computer security principles and
policies, to include, Security Technical Implementation Guides
(STIGs), National Industrial Security Program Operating Manual
(NISPOM), NIST 800-53 / Risk Management Framework (RMF), Joint SAP
Implementation Guide (JSIG), Intelligence Community Directive (ICD)
503, and DoD Manual 5205.07 Volumes 1- 4. Candidate must have
strong technical skills and be able to respond to off-hours
emergencies. Position requires occasional local and overnight
--- Analyze design constraints, analyze trade-offs and detailed
system and security design, and consider life cycle support.
--- Assess the effectiveness of cybersecurity measures utilized by
--- Build, test, and modify product prototypes using working models
or theoretical models.
--- Design and develop cybersecurity or cybersecurity-enabled
--- Develop Disaster Recovery and Continuity of Operations plans
for systems under development and ensure testing prior to systems
entering a production environment.
--- Develop risk mitigation strategies to resolve vulnerabilities
and recommend security changes to system or system components as
--- Identify, assess, and recommend cybersecurity or
cybersecurity-enabled products for use within a system and ensure
that recommended products are in compliance with the organization's
evaluation and validation requirements.
--- Implement security designs for new or existing system(s).
--- Perform risk analysis (e.g., threat, vulnerability, and
probability of occurrence) whenever an application or system
undergoes a major change.
--- Incorporate cybersecurity vulnerability solutions into system
designs (e.g., Cybersecurity Vulnerability Alerts).
--- Ensure that security design and cybersecurity development
activities are properly documented (providing a functional
description of security implementation) and updated as
--- Develop mitigation strategies to address cost, schedule,
performance, and security risks.
--- Employ configuration management processes.
--- Perform an information security risk assessment.
--- Perform security reviews and identify security gaps in
--- Provide input to implementation plans and standard operating
procedures as they relate to information systems security.
--- Trace system requirements to design components and perform gap
--- Verify stability, interoperability, portability, and/or
scalability of the system architecture.
--- Provide technical documents, incident reports, findings from
computer examinations, summaries, and other situational awareness
information to key stakeholders
--- Conduct network, system, and application vulnerability
scanning, configuration assessment, and remediation
--- Serve as a member of the Special Programs Information Security
Incident Response Team and lead efforts in investigations and
remediating incidents and preserve data for potential criminal
--- Must be a U.S. citizen with a current in-scope Top Secret level
security clearance with compartmental program eligibility
--- BS degree in Software Engineering, Systems Engineering,
Information Security, Computer Science, Cybersecurity, Information
Technology, Computer Information Systems, or related discipline is
--- A minimum of 6 years of IT security experience in DoD
Information Security is required
--- Possess a DoD 8570.01-M Information System Architect and
Engineers (IASAE) level I baseline certification (e.g. CISSP, CASP,
or CSSLP), or be able to obtain one within 6 months of hire
--- Technical experience, skills, and course work completed towards
a Graduate Degree, or industry IT certifications may be considered
in lieu of DoD security experience requirements
--- Demonstrated understanding of the following security frameworks
--- NIST 800-53 / Risk Management Framework (RMF)
--- Joint SAP Implementation Guide (JSIG)
--- National Institute of Standard and Technology Special
Publication 800-160 Vol 1 System Security Engineering
--- National Institute of Standard and Technology Special
Publication 800-160 Vol 2, Developing Cyber Resilient Systems.
--- DoD Manual 5205.07 Volumes 1- 4
--- Experience and familiarity with multiple operating systems such
as Windows Server 2012, 2016 and 2019, Windows 7 and 10, Red Hat
Enterprise Linux, Ubuntu, Mac, etc.
--- Ability to integrate information security requirements into the
acquisition process; using applicable baseline security controls as
one of the sources for security requirements; ensuring a robust
software quality control process; and establishing multiple sources
(e.g., delivery routes, for critical system elements).
--- Experience network security architecture concepts including
topology, protocols, components, and principles (e.g., application
--- Knowledge of Information Theory (e.g., source coding, channel
coding, algorithm complexity theory, and data compression).
--- Excellent written and verbal communication skills are required
--- Experience with virtualization and Cloud technologies is
--- Technical experience securing networks and systems utilizing
DISA STIGs and/or SRGs is highly desired WORKING LOCATIONS &
--- Location: Lexington, MA
--- Travel: Occasional local and overnight travel
--- Employment Status: Full-Time Employee with full benefits
(Medical, Dental, Vision, STD, LTD, PTO, Retirement)
--- Other: All candidates must also successfully pass a Commercial
Background Investigation (CBI). Investigation (CBI).
This job posting sets forth the authorities and responsibilities of
this position, which may be changed from time to time as shall be
determined. Odyssey Systems Consulting Group, LTD. is an Equal
Opportunity/Affirmative Action employer. All qualified applicants
will receive consideration for employment without regard to race,
color, religion, sex, pregnancy, national origin, disability,
sexual orientation, gender identity or expression, marital status,
genetic information, protected veteran status, or other factors
protected by federal, state, and/or local law. This policy applies
to all terms and conditions of employment, including: recruiting;
hiring; placement; promotion; termination; layoff; recall;
transfer; leaves of absence; compensation; and training.
#LI-POST Equal Opportunity Employer/Protected Veterans/Individuals
with Disabilities The contractor will not discharge or in any other
manner discriminate against employees or applicants because they
have inquired about, discussed, or disclosed their own pay or the
pay of another employee or applicant. However, employees who have
access to the compensation information of other employees or
applicants as a part of their essential job functions cannot
disclose the pay of other employees or applicants to individuals
who do not otherwise have access to compensation information,
unless the disclosure is (a) in response to a formal complaint or
charge, (b) in furtherance of an investigation, proceeding,
hearing, or action, including an investigation conducted by the
employer, or (c) consistent with the contractor's legal duty to
furnish information. 41 CFR 60-1.35(c)
Keywords: Odyssey Systems Consulting Group, Ltd., Huntsville , Information System Security Engineer (IT IC Level 4)*, IT / Software / Systems , Lexington, Alabama
Didn't find what you're looking for? Search again!