Sr. Security Specialist/ Engineer Scientist 2

Telos Corporation Charleston, SC 29404 2016-12-01
Job Description:
This position will be located in Honeywell Facilities in
North Charleston, SC.

  • Provide IA support that include providing C&A
management, C&A technical, Security Test and
Evaluation (ST&E), and independent verification and
validation (IV&V) support to networks/enclaves and
programs of record (PORs)/platforms information
technology (PITs), automated tool support, C&A
assessment and package development support, and
incident response support.
  • Provide assistance to enclave personnel in
completing required C&A documentation, addressing
Security Test and Evaluation (ST&E) results, and
assisting enclave personnel in preparing Interim
Approval to Operate (IATO) and ATO packages for
review by the Validator, Certifying Authority (CA),
and the Operational Designated Approval Authority
  • Provide assistance to Navy Medicine sites in
updating outstanding actions contained in their
plans of action and milestones (POA&Ms);
recommending security risk-mitigations; and
requesting extensions for expiring IATOs as required
  • Conduct liaison with Navy Medicine sites in
preparation for C&A activities
  • Make recommendations concerning certification;
support and provide minutes and status reports for
collaborative meetings with Navy CA/ODAA points of
contact to update and enhance C&A documentation
  • Prepare recommendations and project timelines for
completion of the C&A process; provide C&A metrics;
and update the NAVMISSA status trackers as required
  • Participate in C&A process improvement activities.
  • Use automated collection utilities that supplement
and expedite this information-gathering process by
performing system discovery, and hardware and
software listings.
  • Use Software and testing tools such as eye Retina,
Nessus, DISA SRR scripts, and ACAX will be used to
perform non-invasive independent application and OS
software and patch inventory and configuration
collection of all system servers and workstations.
  • Use Nessus/ACAS/Retina or other approved automated
tools will be used via an approved testing
methodology to gather version information for all
applications and detailed configuration data about
the underlying operating system and will leave no
data or executables on NAVMISSA equipment.
  • Develop the C&A plan for IV&V/ST&E efforts
  • Candidate must be familiar with Defense Information
Systems Agency (DISA) Security Technical
Implementation Guides (STIGs), Health Insurance
Portability and Accountability Act (HIPAA)
  • Must be familiar with IA vulnerability management
(IAVM) compliance, and other Navy requirements,
policies, and best business practices;
  • Conduct IV&V and ST&Es activities at NAVMISSA
network/enclave sites and PORs/PITs using
standardized procedures and scoring methodology IAW
DoD policy and DIACAP
  • Validate all applicable IA controls; perform a
vulnerability and risk assessment of identified
vulnerabilities and identify countermeasures
  • Consolidate, review, analyze, and produce reports
containing the assessment and ST&E results to Navy
Medicine stakeholders.
  • An active Secret Clearance or the ability to obtain
one is required. Preference will be given to those
applicants with active Secret clearances.
  • Meet DoD 8570 qualifications of IAM Level I or IAT
Level II
  • B.S. in System Engineering, Physical Science, or
some related field and 0-3 years of experience is
  • A background Systems Analysis, Systems Architecture,
Systems/Equipment Support, Test and Evaluation, and
Logistics support of C5ISR requirements
  • Must have knowledge of the following Operating
Systems at a minimum; Windows (7, 8, 10), Windows
Server (2012, 2016).
  • Must be familiar with and have a working knowledge
of Department of Defense Instruction (DoDI) 8500.2
and DoDI 8510.01 the Department of Defense
Information Assurance Certification and
Accreditation Process (DIACAP). Also DoD Directive
8500.1 .
  • Must be able to use and have a working knowledge of
Department of Navy IA process and C&A Handbook, DoD
approved security tools such as Secure Configuration
Compliance Validation Initiative (SCCVI) that
include eEye Retina, and the Assured Compliance
Assessment Solution (ACAS). Candidate must be able
to perform monthly security scans on Navy networks
and provide information to be used in reporting IAVM
status of Navy systems and also provide FISMA
information for systems.
  • Strong written and verbal communications skills and
the ability to interact with people at all levels
are required
  • A professional attitude regarding attention to
detail and customer service and excellent
organizational skills are required
  • The successful candidate must meet eligibility
requirements to access classified Information, which
requires a US citizenship.