Vencore is a proven provider of information solutions, engineering and analytics for the U.S. Government. With more than 40 years of experience working in the defense, civilian and intelligence communities, Vencore designs, develops and delivers high impact, mission-critical services and solutions to overcome its customers most complex problems.
Headquartered in Chantilly, Virginia, Vencore employs 3,800 engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.
Vencore is an AA/EEO Employer - Minorities/Women/Veterans/Disabled
SETA support for Information Assurance and Penetration Testing activities in support of the IC Customer.
The candidate will support the customer organization by:
- Serving as the Security Compliance and Testing Lead for assigned systems;
- Analyzing IC ITE software and data services for variances from IC security policies;
- Performing network, application, data, and identity penetration testing; and
- Developing vulnerability assessments and reports.
• Assist with analyzing, assessing, developing, implementing, integrating, and maintaining security engineering and security architecture initiatives
• Assist with conducting technical systems policy-based controls, penetration security test assessments, periodic reviews, and post-assessments throughout the lifecycle of a system or a program leading to system or program security controls guidance
• Support risk determination process based on Intelligence Community Directive (lCD) 503, Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation
• Assist with development, implementation, integration, oversight, and coordination of governance activities for IC cyber security and integrated defense
• Assist with coordination and participate in IC and National-level cyber security exercises
• Provide information systems and security engineering support for the development, implementation, and evaluation of audit, authentication, authorization, and identity initiatives for IC ITE and legacy environments.
• Support the coordination, development, and review of policies and mechanisms to identify common standards and guidelines relating to classification, testing, security authorization, information assurance, and risk management to achieve accreditation reciprocity
• Review and analyze implementation plans from IC ITE service providers (IC agencies responsible for implementing IC ITE initiatives) across the IC
• Support the analysis, development, evaluation, and production of all IC IA cyber security compliance and performance reports.
BS degree with 10+ years of experience or MS degree with 8+ years of experience or PhD with 5 years of experience.
- Bachelor’s Degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, or a closely related Engineering or IT discipline.*
- 10 years or more of developing, implementing, integrating, maintaining, and evaluating security engineering and security architecture for IT enterprise architectures.
- NIST SP 800-53/CNSS 1253 or network penetration testing experience
- Active Certified Information Systems Security Professional certification (CISSP).
- Active TS/SCI with Polygraph
* 5 additional years designing, integrating, and maintaining enterprise IT and related mission systems may be substituted for the required Bachelor’s degree.
- Excellent communications, customer-relations, task leadership, and time management skills.
- 5 years or more performing vulnerability assessment for at least one of the following: data-marts, application clouds, desktop and collaboration suites, application distribution and license management systems, access control systems, big-data management and search systems, data transport systems, world-wide networks, IT health and status monitoring systems, IA threat management systems, or ITSM incident and service request management systems.
- Very familiar with at least one of the following: NSA, CIA, NRO, NGA, DIA, DHS, FBI or DoD information security architectures.
- Very familiar with the Federal Information Security Risk Management Framework (RMF).
- Active Certified Ethical Hacker (CEH) certification.