Solutions for Information Design, LLC (SOLID) is looking for you to be the technical expert and have the ability to conduct independent security control assessments for systems we develop and support for our federal and commercial clients. You’ll be expected to perform deep technical dives into the security controls and implementations of systems in an effort to rapidly and effectively identify shortfalls (and remediations) in our cybersecurity posture. If you enjoy being handed a system and being asked "identify all the security vulnerabilities of this system and help us come up with a plan to fix them", then this is the ideal next step in your career journey.
You'll be asked to conduct independent security control assessments of IT systems. You'll be asked to leverage your technical experience to identify security vulnerabilities and issues within the systems that may pose substantial cybersecurity risks to the organizations and clients we support. You'll be given a "license to hunt" for cybersecurity threats within the documentation and technical inner workings of clients systems with a focus on making the cybersecurity posture of the system better each time you work on it. Furthermore, you will be expected to educate our business users and guide our technical team in how to navigate expectations around ATO’s, if and when necessary for various types of data to include CUI and PII.
- Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensors.
- Ensuring that security requirements for the assigned major application or general support system are being or shall be met.
- Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39).
- Ensuring preparation of security plans for sensitive systems and networks.
- Reporting IT security incidents (including computer viruses) in accordance with established procedures.
- Reporting security incidents not involving IT resources to the appropriate security office; and representing the engineering team as part of change management for assigned information systems.
- Participate in DevOps Sec (security integrated into Agile processes) requirements for assigned systems.
- Documenting security processes and expected responses to issues.
Must have 5 years of IT engineering experience (inclusive of 3 year of Cybersecurity experience) if you hold a BS or Master’s Degree in an IT field. Or, 7 years of IT engineering experience (inclusive of 5 years of Cybersecurity experience) if you hold a BS in a non-IT field. Or, 10 years of IT engineering experience (inclusive of 7 years of Cybersecurity experience) if you do not have a degree.
- Past work experience as a software developer, IT engineer, or cybersecurity professional
- Strong problem-solving skills
- Ability to communicate with technical and non-technical staff
- May lead and direct work of others.
- Proficient with SSL certificates and encryption
- Proficient analyzing audit logs and vulnerability and compliance scans (OS, DB, and Web App)
- Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
- Specialized knowledge and experience with evaluating system, network, infrastructure, and SaaS security controls against requirements such as FISMA, FIPS, and NIST guidelines
- Experience applying DISA STIGs or similar security configuration guidelines.
- Experience analyzing cloud security
- Possesses an active security/cybersecurity certification (such as CISSP, CISA, CAP)
- CompTia Security+ (required for elevated access in NIPR)
- U.S. Citizen
- Familiarity with one or more of DHS Directive 4300A and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, and 800-53A
- Experience as an Information System Security Officer (ISSO) or Security Control Assessor (SCA)
- Experience performing Risk Analysis and Assessment
- Experience support systems hosted in cloud environments, AzureGov, NIPR, etc.
- Should be able to support the areas listed:
- Security Control Assessment
- Security Code Analysis
- Vulnerability Scan Analysis
- Document Review and Security Technical Writing (ATO, RMF, OMB Controls)
- Risk Assessment and Risk Management
Solutions for Information Design (SOLID) provides social science research and analysis to support public policy decision making and web design and development support, including content development, web application development and database design and integration.
Our subject-matter expertise is in the analysis of education, training, and employment opportunities of current and former military personnel. SOLID has done work in this area for multiple federal clients including the U.S. Departments of Defense, Labor, Transportation, Army, Navy, Air Force, Coast Guard, and Marine Corps.
Salary will be commensurate with experience and education.
SOLID is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
This position will require and is dependent on the successful completion of a criminal background check.