|Reference # : |17-05103|
|Title : |Information System Security Engineer|
|Position Type : |Contract|
|Experience Level : |10 Years|
|Start Date / End Date : |01/01/2018 / 01/05/2019|
| Description |
|General Position Overview: The Information System Security Engineer will serve as a member of the Cyber Security team within BPA Information Technology (IT) & be responsible for engineering, planning, implementing, upgrading or monitoring security measures for the protection of computer networks & information. Position is responsible for conducting information system security engineering activities which include designing & developing organizational information systems or upgrading legacy systems. Employs best practices when implementing security controls within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, & secure coding techniques. Coordinates security-related activities with information security architects, senior information security officers, information system owners, common control providers, & information system security officers.|
Typical Tasks may include, but are not limited to:
• Evaluate various different technical, operational and management solutions to security problems, using written language & various media to present alternatives and recommendations.
• Develop documentation sufficient to arrive at logical & comprehensive conclusions and recommendations.
• Technical Implementation of networks & systems.
• Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
• Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
• Review violations of computer security procedures.
• Monitor use of data files and regulate access to safeguard information in computer files.
• Modify computer security files to incorporate new software, correct errors, or change individual access status.
• Perform risk assessments & execute tests of data processing system to ensure functioning of data processing activities and security measures.
• Ensure appropriate security controls are in place to safeguard digital files and vital electronic infrastructure. May respond to computer security breaches & viruses.
• Train users, promote security awareness to ensure system security & to improve server and network efficiency.
• Coordinate implementation of computer system plan with establishment personnel & outside vendors.
Typical Work Activities may include:
• Conduct Security Audits to identify potential problems related to physical security, staff safety, or asset protection.
• Design Cyber Security policies, programs, or practices to ensure adequate security relating to issues such as protection of assets & access card use.
• Recommend improvements in security systems or procedures.
• Engineer, install, and maintain security systems, programmable logic controls, or other security-related electronic systems.
• Identify system data, hardware, or software components required to meet user needs.
• Provide guidelines for implementing secure systems to customers or installation teams.
• Monitor system operation to detect potential problems.
Education & Experience Requirements:
• Bachelor of Science Degree in Computer Science, Information Technology or closely related field is highly desirable.
• 10+ years of related IT network or equivalent experience is required (4 years of experience can be substituted with specified Bachelor degree(s))
• Candidate's past experience must include work in hands-on technical implementation of networks & systems.
• Demonstrated experience evaluating various different technical, operational and management solutions to security problems, using written language & various media to present alternatives and recommendations.
• Proven ability to develop documentation sufficient to arrive at logical & comprehensive conclusions and recommendations. Documentation must be of a sufficient professional level to stand as an artifact for reuse as part of the security architecture.
• Position requires 3+ years previous experience effectively performing security control implementation on networks, servers and systems and/or vulnerability assessments.
General Skills Requirements:
• Knowledge of United States (US) Government security authorization (certification and accreditation) policies and processes.
• Ability to independently and, as a team member, plan, execute and document security tests and evaluations.
• Ability to perform analysis of in-place technical and non-technical security controls protecting information and information systems.
• Ability to clearly communicate results of discussion, artifacts & recommendations.
• Possess strong technical writing & reporting skills including managing related documentation and files.
• Demonstrated verbal communication skills, as well as well-developed technical and English language skills to communicate effectively via telephone, e-mail correspondence, & in-person meetings.
• Familiarity with the System Development Life Cycle and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, 800-94 & 800-115).
• Knowledge of networking and internetworking (e.g. routing, switching etc.), computer and network device operating systems (e.g. Windows, Unix, Linux, IOS etc.), firewalls, & general security engineering concepts.
• Knowledge of networking and internetworking protocols & their associated vulnerabilities.
• Knowledge of vulnerability research methodologies & sources.
• This position requires confidentiality and professionalism, and requires passing a higher level background investigation, for which the incumbent must qualify to hold or continue in the position.
• Computer Access: The work to be performed by the Security Engineer requires user level and at times privileged access to BPA IT networked & desktop systems, which may contain data and information falling under one or more of the following categories: Official Use Only (OUO), Critical Infrastructure Information (CII), Privacy Act, Personally Identifiable Information (PII), and/or Sensitive Unclassified Information (SUI).
• For Contract Personnel requiring privileged access to BPA IT systems, the following conditions apply, and the Contract personnel acknowledges the following:
  o Contract personnel will conform to all BPA IT cyber security requirements and policies regarding privileged access, with special emphasis on the Program Cyber Security Plan (PCSP) & the BPA Manual (BPAM) Chapter 1110;
  o Access is granted on the basis of need only, as established by the organizational supervisor, and under the least privilege policy.
Knowledge, Skills & Abilities:
Knowledge - the specific position may require any or all of the following:
• Computers & Electronics - Knowledge of circuit boards, processors, chips, electronic equipment, and computer hardware and software, including applications and programming.
• Engineering & Technology - Knowledge of the practical application of engineering science and technology. This includes applying principles, techniques, procedures, and equipment to the design and production of various goods and services.
• Mathematics - Knowledge of arithmetic, algebra, geometry, calculus, statistics, & their applications.
• Design - Knowledge of design techniques, tools, & principles involved in production of precision technical plans, drawings, and models.
• Customer & Personal Service - Knowledge of principles and processes for providing customer & personal services; includes customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction.
• Administration & Management - Knowledge of business and management principles involved in strategic planning, resource allocation, human resources modeling, leadership technique, production methods, and coordination of people and resources.
Skills - The specific position may require any or all of the following:
• Active Listening - Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
• Critical Thinking - Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
• Complex Problem Solving - Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
• Operations Analysis - Analyzing needs and product requirements to create a design.
• Speaking - Talking to others to convey information effectively.
• Writing - Communicating effectively in writing as appropriate for the needs of the audience.
• Systems Evaluation - Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Systems Analysis - Determining how a system should work and how changes in conditions, operations, and the environment will affect outcomes.
• Active Learning - Understanding the implications of new information for both current and future problem-solving and decision-making.
Abilities - The specific position may require any or all of the following:
• Originality - Ability to come up with unusual or clever ideas about a given topic or situation, or to develop creative ways to solve a problem.
• Deductive Reasoning - Ability to apply general rules to specific problems to produce answers that make sense.
• Inductive Reasoning - Ability to combine pieces of information to form general rules or conclusions (includes finding a relationship among seemingly unrelated events).