Information Assurance/Software Security Engineer/ISSE
Horizon Industries Limited (HIL) is a dynamic IT and Management Consulting firm based in the Washington, DC area. We are currently seeking an Information Assurance Security Engineer for a full-time position, remotely supporting the Defense Logistics Agency (DLA).
The DLA IT Enterprise manages the execution of IT projects across the Agency. Specifically, it serves as the Information Operations business services broker, assessing, developing, and delivering a full range of IT solutions necessary to support the transformation and sustainment of the Information Operations mission and its associated commitment to the warfighter. Mission areas include the sustainment and evolution of an overarching DLA enterprise architecture, determination of proposed solutions, delivery of desired solutions (including oversight of related field activities, and sustainment of those solutions that are initially developed and delivered under a program manager), assurance that the solutions meet customer needs, and the effective integration of DLA’s IT solutions with other existing or planned logistics IT solutions in DOD. Additionally, J6 guides and oversees the operations and ongoing transformation of related field and headquarters activities that provide cataloging and transactional processing support for the entire DOD logistics system and our numerous Federal customers.
The JETS Program provides the full range of IT services, technical and management expertise that support applications, software, hardware, infrastructure, and systems, across the DLA IT Enterprise. Support is provided for information technology solutions, technical support, maintenance, and sustainment; operations support; application development, maintenance and technical support; and lifecycle management. Additionally, the program also supports administrative program management support for IT program offices and DLA Information Operations (J6) Office. The program provides support technology services across the DLA Information Operations Enterprise, the DLA Program Executive Offices (PEO), and all other technology services currently supported through DLA Contracting Services Office (DCSO) acquisitions.
Duties of an Information Assurance Security Engineer may include:
- Assist the SI with developing and managing the security designs for the information system architecture.
- Determine the relevant security requirements and support the system development around those requirements. The ISSE shall ensure the system, data, and information are properly documented and that the security design components are instilled in the system security measures.
- Review and assist as appropriate the SI system security architectures, standard operating procedures, protocols, and cybersecurity documentation (e.g., Privacy Impact Assessment, System of Records Notice (SORN), Cyber Security Strategy, DIACAP, RMF, Clinger-Cohen, Identity Management, etc).
- Develop, review, and/or manage as appropriate the Plan of Action and Milestones (POAMs) for security vulnerabilities and incidents.
- Review and assist with writing comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancements.
- Work with the SI, PMO, DLA Hosting Liaison Office, DLA Computer Emergency Response Team (CERT)/Network Operations Security Center (NOSC) and IA professionals at the enterprise and enclave level to ensure implementation of appropriate IA controls
- Performs a variety of tasks efficiently that support Security and Risk Management, Asset Security, Communications and Network Security, Identity and Access Management, Security Assessments and Testing, Security Operations, Incident Management, Disaster Recovery Activities
- Understand, apply, and enforce Software Security requirements.
- Applies analytical and systematic approaches in the resolution of problems of work flow, organizational, and planning.
- Performs a variety of routine project tasks applied to specialized information assurance problems.
- Tasks involve integration of electronic processes or methodologies to resolve total system problems, or technology problems as they relate to IA requirements.
- Analyzes information security requirements.
- Applies analytical and systematic approaches in the resolution of problems of work flow, organization, and planning.
- Provides security engineering support for planning, design, development, testing, demonstration, integration of information systems.
Required Skills / Experience:
- 8 - 10 years ISSE/IA experience
- 8 - 10 years relevant IT experience
- Current CSSP Incident Responder certification:
- Current DOD8570 IAT III certification:
- CASP CE
- CISSP (or Associate)
- One of the following Computing Environments (CE):
- ArcSight Enterprise Security Manager (ESM) 5.0 Security Analyst
- ArcSight Logger 5.0 Administration and Operations
- HBSS Administrator
- HBSS Advanced
- McAfee Network Security Platform Administration
- Minimum of two additional IT areas of knowledge:
- Microsoft: MCSA or MCSE or MCP or Equivalent
- Linux: Linux+ or RHCSA or Equivalent
- CISCO: CCNA or Equivalent
- CompTIA: Network + or Equivalent
- Certified Information Systems Security Professional (CISSP)
- Active DOD Secret Clearance and IT II access or have a current National Agency Check with Local Agency Check and Credit Check (NACLC).
Education: Some College
Horizon is an Equal Employment Opportunity employer and it is our policy to consider all applicants for employment without regard to sex, race, color, creed, religion, national origin, sexual orientation, marital status, age, disability, veteran status, alienage, ancestry, citizenship status, or any other factors prohibited by law. Horizon will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Horizon’s legal duty to furnish information.