recruvo LLC is seeking a C&A Engineer to support a newly awarded contract in Aberdeen, MD. Candidate must have an active Top Secret/SCI Clearance. This is a full time position with benefits.
The C&A Engineer will be responsible for gathering information necessary to validate system security accreditations and to validate functioning security measures internal to these information systems. The C&A engineer will define, create and maintain the required C&A documentation for each information system in accordance with requirements. The C&A engineer will also assess the impacts of system modifications and technological advances on program project associated information systems.
The C&A Engineer will have a minimum of a bachelor's degree in computer science, mathematics, engineering or five years of comparable work experience with a qualifying Information Assurance certification, such as CISSP, CISM, CAP, or ISSEP in accordance with DoD 8570.1.
- Writes comprehensive security analysis reports including assessment-based findings, outcomes and enter this data into DoD Information Assurance Management data bases for evaluation by Authorizing Officials to support the receipt of a Authority to Operate (ATO) for the systems.
- Describes, tests and validates security measures active on security infrastructure devices for the protection of computer systems, networks and information system
- Identifies and defines system security requirements and correlates/documents them by analysis of organizational standard security operating procedures (SOP) and protocols.
- Determines security violations and inefficiencies through security tests, evaluations and audits.
- Describes system security architectures and provides detailed descriptions for the security components of information systems.
- Recommends technical solutions and new security tools to mitigate identified or potential security vulnerabilities.
- Recommends techniques to protect system by defining access privileges, control structures, and resources required to implement these structures.
- Achieves system security operational objectives by contributing guidance and recommendations to program/project leadership.
- Recommends improvements by assessing current security implementations and anticipating new security requirements.
- Maintains system security by implementing and maintaining security controls.
- Experience in testing and describing system security implementations
- Extensive technical knowledge of database and operating system security
- Awareness of the capabilities of or direct experience with system security tools, including but not limited to firewalls, intrusion detection systems, anti-virus software, access validation systems, identification & authentication systems, audit log management, content filtering, information flow enforcement, and incident response procedures.
- Experience with network technologies and with system, security, and network monitoring tools
- Thorough understanding of the latest security controls, testing techniques, and implementation of these controls.
C&A Engineer Skills and Qualifications:
- Information Security Policies (ICD 503, RMF, CNSSI 1253, and NIST SP 800 Series)