Vencore provides pre- and post-acquisition support for system development, including collecting mission needs, developing technical requirements, integration and project management throughout the development cycle, independent verification and validation, transition to operations, and end-to-end requirements management and configuration management. The program contract is responsible for providing counter-terrorism mission-specific applications to support the on-going battle against terrorism.
The Information Assurance/Security Policy Engineer functions as a member of the information assurance team and applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure network environment. Responsibilities include determining information system security requirements for the common computing infrastructure and environment, guiding the organization in the implementation of security controls and countermeasures, and ensuring information systems are operated and maintained in accordance with security policies and practices.
Duties include, but are not limited to developing and reviewing the body of evidence documentation as part of the ICD-503 Assessment and Authorization process, conducting vulnerability analysis and reporting, presenting security engineering principles and strategies to organizational review boards, and supporting the configuration management change control process.
• Maintain the operational security posture for the information systems.
• Support information security authorization activities in compliance with security policies and procedures.
• Develop system security plans.
• Work with organizational teams to develop the Security Controls Traceability Matrix (SCTM).
• Perform vulnerability/risk assessment analysis and reporting.
• Conduct continuous monitoring activities.
Bachelor of Science or higher degree in an engineering or technical discipline
12-15 years or more of systems engineering experience, 5-10 years within Information Assurance
Active TS/SCI with Polygraph
• Active CISSP certification
• Experience with FISMA, ICD-503, and other IC policies and processes
• Experience with NIST SP-800-53 version 4 security controls, and CNSSI 1253A
• Experience with Telos Xacta IA Manager Framework and Continuum
• Familiarity with cloud computing, AWS, C2S