Summary:

Designs and defines architectures, firewalls, electronic data traffic, and network access involved in system security. Applies encryption technology, penetration and vulnerability analysis of various security technologies, and information technology security research. Executes security controls to prevent unauthorized access to company information. Researches attempted efforts to compromise security protocols. Conducts risk assessment and provides recommendations for application design. Evaluates, creates, and implements solutions to enhance security controls to protect the systems and data maintained in development, testing and production environments.

Job Responsibilities:

• Support adoption and implementation of NIST-based standards across the agency.
• Support all steps of NIST 800.53
• Participate in the selection of the organization's common security controls and in determining their suitability for use in the information system
• Review the security controls regarding their adequacy in protecting the information and information system
• Prepare and review documentation to include Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs); support security authorization activities
• Implement and enforce information systems security policies, standards, and methodologies
• Evaluate security solutions to ensure they meet security requirements for processing classified information; perform vulnerability/risk assessment analysis to support certification and accreditation
• Manage changes to the system and assess the security impact of those changes
• Develops, maintains, and manages the continuous monitoring and NASA assessment requirements for all systems issued an ATO
• Develops and implements RISCS training to peers and system stakeholders
• Interfaces with NASA organization to improve and assist with managing JPL IT system Governance, Risk, and Compliance
• Interfaces with JPL cybersecurity SMEs to improve and implement NIST 800.53 control requirements.

Required Skills:

• Bachelor’s degree in Information Systems Management, Computer Science, Math or related discipline with a minimum of 5 years of related Cybersecurity/Information Technology (IT) experience or an equivalent combination of education and experience.
• Experience with system hardening, configuration testing, continuous monitoring and scanning using any of the following tools: SCAP, Nessus, Snort, and Splunk policies and related Provide engineering solutions for all RMF accreditations throughout the entire systems/product lifecycle.
• Has working knowledge of IT architectures and system functions, security policies, technical and process security controls, and operational protective measures.
• 3 years’ experience using NSA’s RSA Archer application to support the RMF process.
• Has knowledge of security concepts and best practices such as defense in-depth, zero trust security/architecture, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
• Strong technical and communication skills providing accountability and day-to-day support in ensuring unclassified information systems (IS) are protected and operated in accordance with governing manuals.
• Must have a CISSP,CEH, CISM, or similar certification.
• US Citizenship required.