The successful candidate must possess the ability to perform information security risk assessments and information compliance activities in accordance with the NIST Risk Management Framework and NIST SP 800-53 Rev 5 for new projects and legacy infrastructure, databases, and applications. The candidate must have the ability to assess the effectiveness of internal security controls and to participate in the implementation of security tasks as they relate to the SDLC, in an advisory role (for best practices such as secure coding, application security architecture, etc.). The candidate must possess the ability to provide information security vulnerability and threat analysis services to internal lines of business (LOB), and will interact with both highly technical staff and LOB management. The candidate shall maintain knowledge of security and privacy laws, directives, and regulations, industry best practices, and changes in technology.
– Maintain Application Security Plan (ASP)
– Coordinate Authority to Operate (ATO)
– Complete NIST SP 800-53 Rev security control assessment
– Manage the completion of the risk assessment
– Create/maintain Plan of Action & Milestone (POAM)
– Create/maintain Acceptable Risk Forms (ARF)
– Manage Line of Business (LOB) application contingency plan
– Maintain Initial Privacy Threshold Analysis (IPTA)
– Manage asset inventory
– Provide Monthly reporting and metrics
– Communicate with Security Operations Center (SOC)
– Communicate with Marshall Incident Response Team (MIRT)
– Support LOB sprint meetings
– Inform LOB management of IA initiatives
– Communicate, collaborate & coordinate with LOB management and NASA civil service personnel
– Working knowledge of the NIST RMF and implementation of NIST SP 800-53 IA Controls.
– Experience performing risk assessments (e.g., evaluate threats, vulnerabilities, likelihood, and impact) and identifying mitigating controls.
– Application security planning
– Incident response and handling
– Excellent understanding of mitigating controls at the systems, network, and application level
– Ability to work both in a team construct and independently.
– Ability to build and maintain constructive working relationships with a diverse community (in and outside of technology) is critical; ability to effectively communicate (both written and verbal) with and influence both technical and non-technical audiences.
– BA or BS degree in CS, MIS, or a related field preferred.
– Minimum of CompTIA Security+ certification is required; CISSP, CEH, GIAC desired.
– Application security expertise including understanding of the OWASP Top 10
– Continuous Diagnostics and Mitigation (CDM) concepts, including Hardware Asset Management, Software Asset Management, and Vulnerability Management.
– Experience with various vulnerability assessment tools such as Nessus, HP WebInspect, HP Fortify, Burp Suite, etc.
– Broad technology background: distributed systems (Linux, Solaris, Windows), enterprise applications (such as databases, SAP, etc.), and application development and architecture (SDLC).
– Firewall rule set analysis
– Web application / system scanning
– Web application & system vulnerability assessment
– Web application static code analysis
– Security in agile environments
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com.
EOE AA M/F/Vet/Disability
Job Posting: Sep 13, 2017, 10:48:01 PM
Primary Location: United States-AL-HUNTSVILLE
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
Shift: Day Job