StraitSys Inc
Regular
PRIMARY FUNCTION
Responsible for ensuring IT systems maintain the appropriate security posture in accordance with NIST and FBI policy/guidance. Analyzes and defines security requirements for on-premises and cloud environment IT systems. Designs, develops, engineers, and implements solutions that meet security requirements. Responsible for the integration and implementation of IT system security solutions under the guidance of the ISSO and Government personnel. Performs risk analyses of IT systems and applications during all phases of the system development life cycle and during mandated security reviews. Collaborates with other engineers, administrators, and other technical experts in the identification and implementation of appropriate information security functionality to ensure uniformity, standardization, and compliance with security policies. Responsible for participating as a security engineering representative on engineering teams for the design, development, implementation and/or integration of IA architectures, systems, or system components.
ESSENTIAL FUNCTIONS
Assist in designing and implementing security architectures to protect information systems and networks, ensuring they align with regulations and best practices.
Perform risk assessments to identify potential security threats and vulnerabilities. Develop and implement strategies to mitigate identified risks, ensuring the security of the organization’s information systems.
Ensure all information systems comply with relevant security standards and regulations such as FISMA, NIST, and other applicable federal guidelines. Assist in managing certification and accreditation processes to maintain authorized status.
Participate in the response to security incidents, including coordinating investigations, documenting findings, and implementing corrective actions. Ensure incidents are resolved efficiently and in accordance with organizational protocols.
Provide guidance and mentorship to junior security engineers. Conduct training sessions to enhance the team’s skills and knowledge in cybersecurity best practices and emerging threats.
Oversee the deployment and management of security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption solutions. Ensure these technologies are effectively integrated into the organization’s infrastructure.
Assist in developing and implementing continuous monitoring programs to regularly assess the security posture of information systems. Use insights from monitoring activities to recommend and implement improvements in security controls, policies, and procedures.
SUPERVISORY RESPONSIBILITIES
None.
Job Requirements:
KNOWLEDGE, SKILLS, & ABILITIES:
Experience supporting IT systems in a cybersecurity engineering role required to adhere to NIST and FBI cybersecurity policy and guidelines.
Firm understanding of current NIST SP 800-53, DOJ/FBI policies and procedures, and industry best practices
Experience completing security evaluations of IT systems to ensure they meet security requirements
Experience developing and/or editing standard operating procedures, user guidelines, and system and information security documentation related to the security of IT systems.
Demonstrated knowledge of and experience with current security tools, hardware/software security implementation, communication protocols, and encryption techniques/tools
Ability to complete tasks in support of security operations and management, security planning/documentation, security monitoring and evaluation, security awareness and training, and security incident reporting and response management.
QUALIFICATIONS:
Active Top Secret Clearance with the ability to obtain SCI, if required
Bachelor’s or Master’s degree in Engineering, Computer Science, Information Systems, Cyber Security, or related discipline. Education substitution requires 8+ years’ experience supporting IT systems information and system security operations.
5+ years’ experience in an ISSE, information security, or cybersecurity role supporting unclassified and/or classified systems, with responsibility for the cybersecurity of IT networks, systems, and applications
Must possess and maintain at least one of the following certifications: International Information Systems Security Certification Consortium (ISC²), Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) [SANS] Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 IAM Level III proficiency.
PREFERENCE STATEMENT
Preference will be given to Calista shareholders and their descendants and to spouses of Calista shareholders, and to shareholders of other corporations created pursuant to the Alaska Native Claims Settlement Act, in accordance with Title 43 U.S. Code 1626(g).
EEO STATEMENT
Additionally, it is our policy to select, place, train and promote the most qualified individuals based upon relevant factors such as work quality, attitude and experience, so as to provide equal employment opportunity for all employees in compliance with applicable local, state and federal laws and without regard to non-work related factors such as race, color, religion/creed, sex, national origin, age, disability, marital status, veteran status, pregnancy, sexual orientation, gender identity, citizenship, genetic information, or other protected status. When applicable, our policy of non-discrimination applies to all terms and conditions of employment, including but not limited to, recruiting, hiring, training, transfer, promotion, placement, layoff, compensation, termination, reduction in force and benefits.
REASONABLE ACCOMMODATION
It is Calista and Subsidiaries' business philosophy and practice to provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities.
The statements contained in this job description are intended to describe the general content and requirements for performance of this job. It is not intended to be an exhaustive list of all job duties, responsibilities, and requirements.
This job description is not an employment agreement or contract. Management has the exclusive right to alter the scope of work within the framework of this job description at any time without prior notice.