Serco is a leading provider of services in the areas of Defense, Citizen Services, and Transportation. They are seeking an Information System Security Engineer to support their CNIC program, focusing on system security and risk management processes. The role involves categorizing information systems, implementing security controls, and maintaining compliance with security standards.
Responsibilities:
- Support the categorization of the Information System (IS) to be accredited through the RMF process and support the development of the System Security Plan (SSP)
- Support the determination and selection of the required and/or applicable security controls, inherited controls, and Common Control Identification (CCI) for the IS, Security Technical Implementation Guide (STIG)
- Support the development of Memorandum of Understanding (MOU) or Memorandum of Agreement (MOA) and develop and implement an Information Security Continuous Monitoring (ISCM) plan/strategy
- Support the implementation of required and/or applicable security controls
- Support the development, review, and approval of Security Assessment Plan
- Implement, maintain, and upgrade the approved IS security scanning tool and perform periodic security scans of the IS and business application code
- Support the development and review of the System Assessment Report (SAR)
- Support the development of the Plan of Action and Milestones (POA&M)
- Support the development and update of the Security Authorization Package
- Perform periodic assessment of the IS’ security controls
- Conduct remediation actions based on the results of ongoing monitoring of activities, assessment of risk, and outstanding items
- Update the SSP, SAR, RAR and POA&M based on the results of the continuous monitoring process
Requirements:
- An active DoD Secret security clearance
- U.S. citizenship required
- An up-to-date Information Assurance Technical (IAT) Level II baseline certification
- A Bachelor's degree with technical training related to Information Technology, Cyber Security, Computer Science, or related discipline
- Or a High School diploma/GED with technical training related to Information Technology, Cyber Security, Computer Science, or related discipline with a minimum of 10 years of Cybersecurity or IT related knowledge and experience in lieu of degree
- Minimum 8 years of Cybersecurity or IT related knowledge and experience
- RMF and eMASS knowledge and experience
- Ability to travel up to 10% of the time
- Ability to pass and maintain physical health standards required for travel to the AFRICOM AOR, to include getting the required vaccinations
- Valid/Active U.S. Passport
- At least HBSS or ACAS certification/training certificate or both (both courses are desired)
- RHEL certification and experience (desired)