Engility was launched in 2012 as an independent company made up of leading businesses within L-3's Government Services segments: including MPRI, Command & Control Systems and Software (C2S2), Global Security & Engineering Solutions (GS&ES), Linguist Operations & Technical Support (LOTS) and Engility Corporation and International Resources Group (IRG).
SAIC is seeking a Cyber Security Manager to join SAIC to support our customer in Washington, D.C. The team operates within the agency's Information Technology Infrastructure Operations Department (ITIOD). The role is a part of the Development, Modernization, and Enhancement Team providing engineering solutions in support of the ITIOD.
* Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
* Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises.
* Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs.
* Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
* Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy.
* Prepares security reports to regulatory agencies. Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
* This includes process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.
* Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring.
* Performs analyses to validate established security requirements and to recommends additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
* Periodically conducts of a review of each system's audits and monitors corrective actions until all actions are closed.
* Manages subordinate management and/or experienced specialist employees who exercise significant latitude and independence.
EDUCATION AND EXPERIENCE: Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
* 10 years of experience in Information Technology field
* 8 years of experience with Transmission Control Protocol (TCP)/IP or Windows or Unix/Linux operating systems or network devices such as firewalls, gateways, proxies and similar IT devices.
* 5 years of specific experience in cyber security and managing security operations center (SOC) personnel in an environment similar to PBGC size and scope.
* 3 years of experience utilizing IT Security tools such as BigFix SCA, Splunk, Sourcefire, Symantec Antivirus, Tenable Nessus & Security Center in automating continuous monitoring tasks.
* 3 years of demonstrated experience in developing POAMs, gap analysis, vulnerabilities, and responding to audit findings, including the use of assessment and authorization management tool such as CSAM, RSA Archer, Exacta, or eMASS.
* Minimum 3 years specific experience in developing and documenting processes compliance with NIST 800-37, 800-53 Rev 3 and 4 security controls and NIST guidance in general including extensive knowledge of obtaining ATOs and developing system security plans.
* Excellent in oral and written communication skill.
* CompTIA Security
* ITIL V3 Foundation Certification
* Certified Assessment Professional (CAP)
* Certified Information Systems Security Professional (CISSP)
* Project Management Professional (PMP)
* Certified Ethical Hacker (CEH)