Description
AT&T Global Public Sector is a trusted provider of secure, IP-enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing, and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values, and dedicated to our customers’ mission.
Our Cyber Security Team supports the customer by investigating, analyzing, and mitigating cybersecurity incidents that attempt to breach the Customer’s network infrastructure, applications, and operating systems.
AT&T has an opening for a Senior Information System Security Engineer to support the Moonshot contract.
The selected candidate for the ISSE role will support the customer by providing Cyber Security Architecture Analysis and Security Engineering Support. As the ISSE, the selected candidate will be called upon to perform the following tasks:
- Ensuring cyber security is baked into the design of new/existing operational environments
- Perform and review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies
- Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
- Perform security authorization activities in compliance with Risk Management Framework (RMF) policies and procedures to include: System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM).
- Assist ISSMs/ISSOs in maintaining operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed.
- Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A&A)
- Ensure that system designs support the incorporation cyber security vulnerability solutions
- Provides configuration management (CM) expertise for information system security software, hardware, and firmware and leads Change Control Board (CCB) meetings.
- Coordinates with the Information System Security Analysts, and system administrators for control implementation and Plans of Actions and Milestones (POA&Ms) closeout requirements.
- Ensures systems designs support incorporation to customer continuous monitoring solutions (i.e., Vulnerability Alerts, Splunk, Enterprise Scanning, etc.)
- Required to become proficient on the Customer’s Assessment and Authorization tool to track and document the RMF steps.
- Identify, assess, and recommend cyber security products for use within an operational environment
- Provide subject matter expertise to the development of a common operational picture.
- Develop and implement security vulnerability assessments and penetration tests.
- Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to acceptable security levels.
- Maintain operational security posture for an information system or program.
- Apply a full range of Cybersecurity policies, principles and techniques to maintain security integrity of information systems processing classified information.
- Conducting vulnerability scans and recognizing vulnerabilities in security systems
- Perform cyber defense trend analysis and reporting.
- Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk.
- Knowledge and understanding of cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.
Required Clearance:
TS/SCI with polygraph (#ts/sci) (#polygraph)
Required Qualifications:
- Candidate must have 10 years of experience that can be a combination of work history and education. This equates to:
- Doctorate and 3 years of experience; OR
- Masters and 4 years; OR
- Bachelors and 6 years; OR
- Associates and 8 years; OR
- HS and 10 years.
- Must have certifications to meet minimum requirements for DoD 8570 IAT Level 2 certification requirements; level 3 requirements are acceptable as well. Level II certifications must be obtained within six (6) months:
- Certified Network Defender (CND)
- COMPTIA Cybersecurity Analyst (CYSA+)
- COMPTIA Security+
- GIAC Security Essentials (GSEC)
- Global Industrial Cyber Security Professional (GICSP)
- Implementing and Administering Cisco Solutions (CCNA)
- Systems Security Certified Practitioner (SSCP)
- Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- Ability to exercise judgment when policies are not well-defined.
- Knowledge of new and emerging IT and cybersecurity technologies.
- Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.
- Experience with Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.
- Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Desired Qualifications:
- Ability to contribute in a dynamic high tempo operational environment.
- Ability to correlate operational concepts and apply appropriate security measures to mitigate threats or vulnerabilities.
- Applied knowledge of ServiceNow as well as other IA reporting tools
- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of authentication, authorization, and access control methods.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting).
Ready to join our team? Apply Today!
|
