Lead Information Systems Security Engineer (ISSE) - Navy Yard - Washington, DC

Position Description

Are you an ISSE looking for a place where you can make a difference every day? Serco is the place for you! We have an exciting opportunity supporting the United States Navy and our CNIC N6 program at the Navy Yard in Washington, DC.

 

CNIC Regional Offices enable improving operational performance and cost reductions through business process definition, analysis, and development of technical capabilities which automate process or improve transparency for analytics and decision making. 

 

This CNIC N6 Lead Information System Security Engineer (ISSE) for the Risk Management Framework (RMF) Assessment and Authorization (A&A) process, is tasked with developing RMF security authorization packages to obtain Authorizations to Operate (ATOs) for various isolated enclaves that support the NDW Region.  These enclaves support many different missions, including, but not limited to, Anti-Terrorism/Force-Protection (AT/FP), access control, video monitoring, and mobile radio systems. 

 

In this role, you will:

• Support CNRNDW ISSM / CIO with RMF package development as the lead ISSE
• Assemble and review all required documentation as outlined by the ISSM and CNIC for the RMF packages
• Tailor security controls out of National Institute of Standards and Technology (NIST) SP 800-53 rev 4 for the systems
• Assist with updating policy and documentation along with maintaining compliance with NIST SP 800-53 rev 4 throughout the RMF lifecycle
• Develop a Security Assessment Plan (SAP) in accordance with the Navy RMF Process Guide ver. 3.1 and using the templates provided in the RMF Knowledge Service (KS)
• Assess and implement security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in accordance with the SAP
• Gather ACAS, STIG, Security Content Automation Protocol (SCAP) files, and other related package artifacts and report any discrepancies to the program
• Build risk assessment report (RAR) incorporating all findings discovered in testing and documenting an analysis of each finding
• Verify traceability between system authorization data flow, boundary diagrams, Hardware, Firmware, Software, Ports, Protocols and Services (PPS) lists, and ACAS scan
• Update and help implement the status of all security controls, enhancements, and control correlation identifiers (CCIs) in eMASS
• Make data entries into eMASS record for assigned systems and track RMF process timelines
• Prepare for and conduct RMF-related briefings at meetings with internal and external representatives
• Interact frequently with internal personnel and outside representatives at various levels
• Assist in developing schedules and plans of actions and milestones (POA&M) for producing deliverable products and reports within customer-directed timelines
• Coordinate with field activities, obtaining statuses and providing RMF guidance for all CNIC CNRNDW packages

Qualifications

To be successful in this role, you will have:

• An active DoD Secret security clearance
• 8570 IAT Level II compliant certification
• A bachelor's degree in Information Technology, Cybersecurity, Computer Science or related discipline
• 8 or more years of experience in an Information Technology or Cybersecurity environment supporting the Department of Defense
• 5 or more years of experience with EMASS, RMF, ACAS, STIG's, & VRAM
• Recent experience with the RMF and NIST SP 800-53 rev 4 as an ISSE
• Recent experience with developing A&A documentation & obtaining ATO's
• Knowledge of US naval communication suites in areas such as LAN, WAN, and RF paths
• Familiarity with the DoD Information Technology Portfolio Repository-Navy (DITPR-DON)/DON Application and Database Management System (DADMS) and the requirements for their use
• Proficiency in at least 2-3 of the following disciplines
  • Microsoft operating systems
  • Microsoft SQL
  • Red Hat Linux
  • Cisco
  • Aruba Wireless
  • Lenel (preferred)

Additional desired experience and skills:

• 8570 IAM Level III compliant certification

 

Apply today to discover your place in our world!

 

In compliance with state and local laws regarding pay transparency, the salary range for this role is $110,424 to $184,041; however, Serco considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, and key skills. 

Company Overview

Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco's 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.

 

To review Serco benefits please visit: https://www.serco.com/na/careers/benefits-of-choosing-serco. If you require an accommodation with the application process please email: careers@serco-na.com or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.

 

Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice.

 

Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email Agencies@serco-na.com.

 

Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

Employment Type: FULL_TIME