What are the responsibilities and job description for the Information Systems Security Engineer - Mid to Expert Level (Maryland) position at CNSS • National Security Systems?
Are you a cyber professional with the drive and expertise to be on the forefront of the cyber fight; tackling NSA's complex mission to defend against cyber threats of today and tomorrow? NSA, the nation's leading cyber agency, has exciting and challenging positions in Cyber Security Engineering and Cyber and TEMPEST vulnerability analysis/mitigation. Are you ready to help secure our Nation's critical Infrastructure? If so, NSA is the place for you! The qualifications listed are the minimum acceptable to be considered for the position.
Degree must be in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cybersecurity, Information Technology, Information Assurance, Information Security, and Information Systems).
Relevant experience must be in one or more of the following areas: computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices). In addition, experience may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or network and system administration. Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience).
FULL PERFORMANCE
Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
SENIOR
Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
EXPERT
Entry is with a Bachelor's degree plus 9 years of relevant experience, or a Master's degree plus 7 years of relevant experience, or a Doctoral degree plus 5 years of relevant experience. An Associate's degree plus 11 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Information System Security Professionals at NSA play a vital role in in the architecting, designing, operating, defending, and maintaining secure state of the art Information Technology (IT) systems executing NSA's SIGINT and Cybersecurity missions. NSA is advancing technology to deliver mission outcomes. As such, Cybersecurity Professionals have the opportunity to work across a broad set of technologies including commercial cloud fabrics, artificial intelligence, high performance computing, and advanced cryptographic systems. These personnel are involved in the full life cycle of systems: designing, maintaining and monitoring the systems so they can be protected from the most sophisticated nation-state adversaries. Some examples of tasks include:
Degree must be in Computer Science or a related field (e.g., General Engineering, Computer Engineering, Electrical Engineering, Systems Engineering, Mathematics, Computer Forensics, Cybersecurity, Information Technology, Information Assurance, Information Security, and Information Systems).
Relevant experience must be in one or more of the following areas: computer or information systems design/development and with information assurance and accreditation processes (e.g., System Security Plans, Risk Assessment Reports, Certification and Accreditation Packages, and System Requirements Traceability Matrices). In addition, experience may include programming, information/cyber/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering, or network and system administration. Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience).
FULL PERFORMANCE
Entry is with a Bachelor's degree plus 3 years of relevant experience, or a Master's degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate's degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
SENIOR
Entry is with a Bachelor's degree plus 6 years of relevant experience, or a Master's degree plus 4 years of relevant experience, or a Doctoral degree plus 2 years of relevant experience. An Associate's degree plus 8 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
EXPERT
Entry is with a Bachelor's degree plus 9 years of relevant experience, or a Master's degree plus 7 years of relevant experience, or a Doctoral degree plus 5 years of relevant experience. An Associate's degree plus 11 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position. Information System Security Professionals at NSA play a vital role in in the architecting, designing, operating, defending, and maintaining secure state of the art Information Technology (IT) systems executing NSA's SIGINT and Cybersecurity missions. NSA is advancing technology to deliver mission outcomes. As such, Cybersecurity Professionals have the opportunity to work across a broad set of technologies including commercial cloud fabrics, artificial intelligence, high performance computing, and advanced cryptographic systems. These personnel are involved in the full life cycle of systems: designing, maintaining and monitoring the systems so they can be protected from the most sophisticated nation-state adversaries. Some examples of tasks include:
- Design system/network architectures to enforce levels of confidentiality, integrity and availability
- Ability to implement systems engineering principles/methodology
- Define and manage remediation plans across applications, infrastructure, and cloud
- Ensure compliance with cybersecurity standards and regulatory requirements (e.g. NIST)
- Assess and mitigate risks in legacy systems, misconfigurations, and vulnerabilities
- Analyze and prioritize vulnerabilities with cross functional teams
- Lead and provide oversight to activities to patch and harden infrastructure systems
- Define information system security requirements and functionality
- Review security configuration options of cloud services and recommend security configurations
- Understand cryptography and the ability to program (Python, Java, etc.)
- Assess effectiveness of security solutions against cybersecurity frameworks (e.g. MITRE ATT&CK)
- Monitor the cybersecurity hygiene for a family of IT systems directing remediation of configuration and vulnerability findings to reduce the adversary risks to systems
- Understand concepts, principles, structure and standards used to design, implement, monitor and secure operating systems, equipment, networks, applications and controls
- Operate within teams focused on implementing and evolving procedures and security settings designed to protect data and applications in cloud environments
- Conduct security engineering/hardening of the latest operating systems, tailoring them for use in the specific mission area
- Ability to implement automation and artificial intelligence across the RMF authorization life cycle and into continuous monitoring - Understanding of security frameworks (e.g. NIST 800-53, ISO 27001, CIS)
- Understanding and experience prioritizing and remediating vulnerabilities across hybrid network environments
- Cloud Security Knowledge for commercial cloud environments such as Amazon Web Services, Microsoft Azure, Oracle or Google cloud environments
- Familiarity with secure coding, DevSecOps, and CI/CD pipelines
- Ability to translate complex security issues into actionable guidance
- Understanding of vulnerability scanning tools
- Understanding of container security with knowledge of Kubernetes, Docker, and container hardening practices
- Understanding of threat modeling and how to design mitigation strategies
- Critical thinking and ability to break large complex problems into manageable parts