Information System Security Engineer - Clearance Required
Logistics Management Institute
- Fort Belvoir, VA
- Permanent
- Full-time
- Work with Security Information and Event Management (SIEM) software and vulnerability management
- Work with EAMS-A and understand how user role provisioning will be impacted by ICAM.
- Understand Zero Trust concepts and be able to articulate changes needed to comply with Army direction.
- Review weekly Assured Compliance Assessment Solution (ACAS) scans and Army Endpoint Security Services (AESS) reports to identify vulnerabilities, misconfigurations, and insecure security practices
- Review AWS security tools (AWS Security Hub, GuardDuty, CloudWatch, CloudTrail, Config) to identify any vulnerabilities or misconfigurations.
- Work with the vendor implementation team to fix the vulnerability and/or develop the appropriate plan of action and milestones (POA&M) if the vulnerability cannot be fixed right away
- Manage the POA&M process for the information system, ensuring POA&Ms meet Army Network Command (NETCOM)'s thorough requirements, are tracked and completed on time, and are reported properly to leadership
- Ensure information system vulnerability status is being properly reported to PEO EIS, as well as external information systems – Continuous Monitoring and Risk Scoring (CMRS) and Cyber Operational Attribute Management System (COAMS)
- Track and review NETCOM Cyber Task Orders (CTO), determining whether action is required for the information system. Work with the vendor implementation team to ensure the CTO is completed on time
- Provide detailed analysis of vulnerabilities to leadership to understand how an adversary could exploit the vulnerability to compromise the system
- If a security incident occurs, investigate AWS CloudTrail logs to determine what was done to the system, who committed the actions, how pervasive the attack is (e.g. did they gain a further foothold in the system), and how to limit exposure
- Bachelor’s Degree
- 10-15 years’ experience with DoD Cyber security management and POA&M development
- Experience with AWS cloud services
- DoD Secret Security Clearance
- DoD IAT Level II Certification (CCNA-Security, CySA+, GICSP, GSEC, Security+, CND, or SSCP)
- Master’s degree
- Experience with cArmy
- AWS certifications
- EAMS-A