AT&T IS Security Engineering Lead (Westfields) in Oakton, Virginia

Job Description: responsible for the design, development, implementation, and/or integration of the NRO IA architecture, system or system component. They ensure that IA related IS will be functional and secure. They provide Information Technology security engineering, integration services, technical assessments, and solutions. This includes analyzing the IA/Information Systems environment helping customers understand information security needs, defining system security requirements, designing system security architectures, developing and implementing detailed security designs and measures to safeguard information, and assessing information protection effectiveness.

  • Identifies information protection needs for the NRO Information Systems (IS).

  • Defines NRO IS security requirements in accordance with applicable IA requirements.

  • Provides system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.

  • Designs security architectures for use within the NRO IS.

  • Designs and develops IA or IA-enabled products for use within a NRO IS.

  • Integrates and/or implements Cross Domain Solutions (CDS) for use within a NRO IS.

  • Develops and implements security designs for new or existing network system(s); ensures that the design of hardware, operating systems, and software applications adequately address IA security requirements for the NRO IS.

  • Designs, develops, and implements network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.

  • Designs, develops, and implements specific IA countermeasures for the NRO IS.

  • Develops interface specifications for the NRO IS.

  • Develops approaches to mitigate NRO IS vulnerabilities and recommend changes to system or system components as needed.

  • Ensures system(s) designs support incorporation of DoD, IC, and NRO-directed IA vulnerability solutions, such as Information Assurance Vulnerability Alerts (IAVAs)/Intelligence Community Vulnerability Alerts (ICVAs).

  • Develops IA architectures and designs for designs for National Security Systems with security categorizations of confidentiality, low to moderate; integrity, low to moderate; and availability, low to moderate.

  • Develops IA architectures and designs for systems processing Sensitive Compartmented Information (SCI) operating in dedicated, system high or compartmented mode.

  • Assesses threats to and vulnerabilities of the NRO IS.

  • Identifies, assesses, and recommends IA or IA-enabled products used within NRO IS; ensures products are in compliance with NRO evaluation and validation requirements.

  • Ensures that the implementation of security designs properly mitigate identified threats.

  • Assesses the effectiveness of information protection measures used by the NRO IS.

  • Evaluates security architectures and designs and provides input as to the adequacy of security designs and architectures proposed or provided in response to requirements contained in acquisition documents.

  • Ensures security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate Authorizing Official or Designated Authorization Official (DAO).

  • Provides input to IA C&A process activities and documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training)

  • Participates in an Information Systems (IS) risk assessment during the C&A process and design security countermeasures to mitigate identified risks.

  • Provides engineering support to security/certification test and evaluation activities.

  • Documents system security design features and provides input to implementation plans and standard operating procedures.

  • Recognizes a possible security violation and take appropriate action to report the incident.

  • Implements and/or integrates security measures for use in network system(s) and ensure that system designs incorporate security configuration guidelines.

  • Ensures the implementation of NRO IA policies into system architectures.

  • Ensures the implementation of subordinate NRO IA policies is integrated into the NRO IS system architecture.

  • Oversee and provide technical guidance to IASAE Level I and II personnel

Obtains and maintains IA certification appropriate to the position.

Required Skills, Experience, and Education : Candidate must have 16 years of experience that can be a combination of work history and education. This equates to a Doctorate and 8 years of experience OR Masters and 10 years, Bachelors and 12 years, Associates and 14 years or HS and 16 years. Must meet DoD 8570 IAM Level 3 certification requirements AND be willing to obtain CISSP-ISSAP or CISSP-ISSEP within 6 months.

Required Clearance: Active TS/SCI, with CI Poly.