AT&T Senior Network Engineer (Government) in Vienna, Virginia
The combined Senior role as Information Systems Security Officer (ISSO) and Information Systems Security Manager (ISSM) provides support for a program, organization, system, or enclave’s information assurance program.
Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed.
Assists with the management of security aspects of the information system and performs day-to-day security operations of the system.
Evaluate security solutions to ensure they meet security requirements for processing classified information.
Performs vulnerability/risk assessment analysis to support certification and accreditation.
Provides configuration management (CM) for information system security software, hardware, and firmware.
Manages changes to system and assesses the security impact of those changes.
Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification & Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
Supports security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Information Assurance Certification and Accreditation Process (DIACAP).
The Senior ISSO/ISSM performs these specific duties and responsibilities:
• Perform Senior ISSO responsibilities for implementing, and enforcing information systems security policies, standards, and methodologies
• Perform ISSM responsibilities for maintaining the appropriate operational IA posture for a system, program, or enclave to include working independently and directly with customers and customer systems
• Perform hands-on Nessus vulnerability scans to include identifying, loading, and running new security plugins
• Develop system hardening guides for new systems in concert with security engineering teams
• Develop plan of action milestones and enforce closure of critical through low vulnerabilities with engineering teams
• Develop and maintain systems security plans (SSP) from start to finish to conduct security assessment and authorization (SA&A) reviews with government auditors for authorization to operate (ATO)
• Assist in evaluation of security solutions to ensure security requirements for processing classified information
• Assist with CM for information system security software, hardware, and firmware
• Assist with preparation and maintenance of documentation
• Maintain records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades
• Evaluate security solutions to ensure they meet security requirements for processing classified information
• Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies
• Maintain operational security posture for information systems or programs
• Develop and maintain documentation for C&A in accordance with ODNI, CNSSI, NIST, DSS, and DoD policies and guidelines
• Develop and update the system security plan and other IA documentation
• Provide CM for security-relevant information system software, hardware, and firmware
• Assist with management of security aspects of information systems and perform day-today security operations of the system
• Develop system security policies and plans and ensure compliance
• Administer user identification and authentication mechanism of the Information System (IS)
• Plan and coordinate IT security programs and policies
• Manage and control changes to systems and assess security impacts of those changes
• Obtain C&A and ATO for ISs under purview
• Provide support for a program, organization, system, or enclave’s information assurance program
• Serve as Approval Authority for ISs under their control
• Interact with customers, IT staff, and high-level corporate officers to define and achieve required IA objectives
Required Skills, Experience, and Education: Ten (10) years’ experience as an ISSO/ISSM on large programs is required. Bachelor’s degree in Computer Science or related discipline from an accredited college or university is required. DoD 8570 compliance with Information Assurance Management (IAM) Level I or higher is required. Four (4) years of additional experience as an ISSO and ISSM may be substituted for a bachelor’s degree. Deep knowledge of Nessus and DISA STIG hardening are required.
Required Clearance: Applicant must be a US citizen and have a current TS/SCI security clearance with polygraph.
Desired: BS/BA degree is desirable. RMF and Splunk experience are preferred.
AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V