Security Engineer – Accreditation/Compliance/RMF in Washington, DC at General Dynamics Information Technology

Date Posted: 6/23/2020

Job Snapshot

Job Description

Principal Duties and Responsibilities:

Create Risk Management Framework (RMF) documentation and artifacts. Collaborate with software development and Operations and Maintenance (O&M) engineers, ensuring implementation of risk mitigation into legacy systems operations and software development.

  • Familiarity with cloud smart executive order, RMF modernization and streamlining, security control mapping of inheritance modeling.
  • Information Assurance Analyst part of a team leading and managing DoD Risk Management Framework (RMF) processes.
  • Support application security activities related to the configuration and implementation of software applications and their related infrastructure to satisfy identified security procedures and policies.
  • Intimately familiar with DISA STIGs, FISMA Compliance Requirements, NIST 800 Series, Central Intelligence Directives (DCID); and IC Directives (ICD), including DoD Instruction (DoDI) 8500.1, DoDI 8500.2, DoDI 8510.01, DCID 6/3, ICD 503, DoD Intelligence Information Systems Joint Security Implementation Guide (DJSIG),
  • Work in an enterprise environment supporting on-premise applications and enterprise service for cloud extension/ deployment
  • Proficiency in performing risk-based reviews of Security Authorization Package
  • Review and updating System Security Plans and privileged and general user’s guides. Depending on whether the effort is new or ongoing, the additional information that may be required within the BOE includes:

    CONOPS.

    All approved Memorandums of Understanding (MOUs), Memorandums of Agreement (MOAs), Interconnectivity Agreements, and Production Data Waivers (PDWs).

    System Control Traceability Matrix (SCTM).

    Plan of Action and Milestones (POA&Ms).

    Scan Results (internal).

    Scan Results (from the Security Control Assessor).

    Security Assessment Report.

    Risk Assessment Report.

    Continuous Monitoring Plan.

Desirable Skills / Experience:

  • Experience with CI/CD pipeline
  • Experience in AWS, Azure or other Cloud Service provider
  • Experience with DevOps/DevSecOps methods in support of continuous development, continuous integration environments.
  • Knowledge and understanding of ITIL Service Design process and procedures.
  • Experience working in the Agile Software Development and Testing framework

Security Clearance:

  • TS/SCI required
  • Candidates must be willing and able to attain a CI Polygraph
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.