Security Engineer II
United States, Illinois, Scott Air Force Base
703 Seibert Road

Paragon is recruiting for a Security Engineer II to work on the PEO-T contract for USTRANSCOM. The tasks for this person will include, but are not limited to, the following:

* Reviews evolving NIST requirements to support risk assessment activities associated with the affiliated system requirements and specifications.
* Prepares detailed specifications from which cybersecurity deficiencies identified during risk assessment will be mitigated/remediated and conducts follow-up risk assessment to ensure proper secure coding practices are being built-in/enforced to the greatest extent possible.
* Collaborates closely with government customers to develop appropriate POA&Ms and support risk acceptance activities as needed to support risk management processes.

Qualifications: 1-3 years relevant experience in the following:

* Experience developing and/or reviewing system authorization documentation in accordance with DoD implementation of the Risk Management Framework (RMF)
* Experience participating in Technical Interchange Meetings on a wide range of PMO security engineering topics
* Experience participating in Acquisition program Engineering Milestone Reviews
* Experience coordinating with Development Contractor Security/System Engineers and USTRANSCOM/DISA Security Office to resolve program security issues
* Possess skills to conduct Technical Reviews of Development Contractor produced security deliverables
* Experience performing security activities to maintain authorization of the PMO programs
* Experience using DOD Enterprise Mission Assurance Support Service (eMASS) system
* Experience providing support to ensure PMO systems are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOD regulations, USTRANSCOM requirements, and commercial best practice
* Experience reviewing vulnerability scans using ACAS, Nessus, and Fortify SCA, analyzing outputs to identify vulnerabilities, and recommending mitigation and remediation actions
* Experience supporting the Customer through critical review of documented DISA STIG/SRGs and ingesting them in the government-supplied tools to support risk assessment of the NIST controls
* Experience writing and tracking POA&Ms
* Experience conducting and evaluating security testing activities including security assessments, audits, and penetration testing
* Experience supporting operational security activities (e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections)
* Experience with security lockdown and/or hardening of servers and network devices
* Ability to coordinate overall security strategy with multiple agencies, Authorizing Official (AO) representatives
* Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues
* Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements

Required Education/Certification:

* Active Secret Clearance
* Active IAM II Certification in Good Standing (e.g., CGRC, formerly CAP, CASP+CE, CISM, CISSP (or associate), GSLC, CCISO)
* Bachelor's in Computer Science or Cybersecurity or equivalent