TS/CSI w/Poly Cybersecurity Project Engineer (A&A/ATO/ISSO)

Position is with the VA McLean Customer and requires an active TS/SCI with Full Scope Poly clearance.

Introduction

The Sponsor requires Cyber Security Project Engineering support to ensure the maintenance of cyber security compliance and to shepherd the program through the Sponsor's Assessment and Authorization (A&A) process. The contractor will play a critical role in ensuring that the project's systems and infrastructure are designed and implemented with security in mind, and that they meet the Sponsor's cyber security requirements. This includes ensuring compliance with relevant security controls, conducting risk assessments, and developing mitigation strategies to address identified risks. The Sponsor's A&A process is a rigorous and complex process that requires a deep understanding of the Sponsor's security requirements and the ability to navigate the various stages of the process. The contractor will be responsible for shepherding projects through this process, ensuring that all necessary documentation is completed and submitted, and that projects are properly authorized to operate. The estimated Period of Performance (POP) is 1 (one) year.

Work Requirements

The Contractor shall work with technical team to design, develop, test, and implement new networks and network architecture using current technology, to include authorization and accreditation. The Contractor shall work with the technical team to complete requirements to obtain all required approvals and maintain compliance throughout the full lifecycle of the A&A process. The Contractor shall work with the Sponsor and users to identify and develop system requirements taking into account the desired results, hardware limitations and operating requirements, identified by the Sponsor. The Contractor shall work with technical team to provide operational testing and recommendations for continuous improvement of equipment and software in support of Sponsor’s goals and objectives. The Contractor shall work with the technical team to coordinate across the Sponsor’s organization and business partners to expedite operational approvals. The Contractor shall analyze new technologies, hardware, and software to determine the applicability and need for the existing or proposed system, to include security, storage, and network technology. The Contractor shall ensure compliance with the Sponsor's security requirements, incl. those related to data protection, access control, and incident response. The Contractor shall develop and assist with implementing security controls to protect Sponsor systems and data, including firewalls, multi-factor authentication, and encryption. The Contractor shall work with the technical team to conduct internal risk assessments to identify potential security risks and develop mitigation strategies to address them. The Contractor shall prepare and maintain security documentation, incl. System Security Plans, Security Assessment Reports, and Plans of Action and Milestones. The Contractor shall coordinate with the Sponsor's security team to ensure projects meet the Sponsor's security requirements and to address any security-related issues. The Contractor shall implement the Sponsor's A&A process, including preparing and submitting required documentation and leading the team in A&A meetings and reviews. The Contractor shall ensure projects comply with relevant regulations and standards, including those related to data protection and cyber security, such as Defense Information Systems Agency Security Technical Implementation Guides (DISA, STIGs). The Contractor shall develop and maintain an incident response plan to respond to security incidents, including data breaches and system compromises. The Contractor shall conduct security testing and validation to ensure Sponsor systems and data are secure, including vulnerability scanning and systems hardening. The Contractor shall maintain compliance with the Sponsor's continuous monitoring requirements. The Contractor shall support technical exchange meetings on business and technical requirements.

Requirements

Required Skills and Demonstrated Experience

The Contractor shall have the following required skills, certifications, and demonstrated experience:

   Demonstrated experience with designing and implementing secure communication solutions and networks.

   Demonstrated experience with implementing infrastructure in public cloud domains.

   Demonstrated experience with the Intelligence Community Directive (ICD) 503 Assessment and Accreditation (A&A) process and acquiring necessary approvals to develop, implement and operate systems.

   Demonstrated experience with the A&A processes and cyber security requirements as well as experience with coordinating with multiple entities or organizations to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status.

   Demonstrated experience addressing and implementing system security controls.

   Demonstrated experience triaging and troubleshooting system issues.

   Demonstrated experience producing technical system documentation.

   Demonstrated experience with designing and implementing cloud-hosted infrastructure for use with mobile and commercial applications.

   Demonstrated experience in information security.

   Demonstrated experience transferring, handling, and securing sensitive data.

   Demonstrated experience developing system design diagrams.

   Demonstrated experience developing and briefing system designs to both technical and non-technical audiences to obtain operational and security approvals.

   Certifications: CompTIA Network+, CompTIA Security+, and ISC2 Certified Information Systems Security Professional (CISSP)

Highly Desired Skills and Demonstrated Experience

Skills and demonstrated experiences that are highly desired but not required to perform the work include:

   Demonstrated experience with Sponsor systems, architecture, and data.

   Demonstrated experience providing coordination across Sponsor’s organization and business partners to expedite technology approval.

   Demonstrated experience with the Sponsor’s A&A process and cyber security requirements as well as experience with coordinating across the Sponsor organization to obtain necessary approvals to achieve and maintain Authority to Operate (ATO) status

   Demonstrated experience working independently and collaboratively within a team environment.

   Demonstrated experience developing system design diagrams using Sponsor provided tools.

Certification: EC-Council Ethical Hacker (CEH)

Benefits

Leading Path is an award-winning Information Technology and Management Consulting firm focused on providing solutions in process, technology, and operations to our government and Fortune 500 clients. We offer a professional and family friendly work environment with a strong work-life balance. Leading Path provides a comprehensive and competitive benefits package including fully paid medical/dental/vision premiums, generous PTO, 11 Paid Holidays, 6% 401K contribution, annual training and tuition reimbursement, SPOT Award bonuses, regular team events, opportunities for professional growth and advancement and much more!