Systems Engineer (IM3)

Join our dynamic team as a Systems Engineer at Case Management Consulting!

This position requires an active TS/SCI Security Clearance (with the ability to obtain a CI poly)

The responsibilities of the Systems Engineer for the Information Management Technical Support Team may include:

• Develop, update, and review Risk Management Framework (RMF) documentation, including Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports.
• Assess system compliance with National Institute of Standards and Technology (NIST), Department of Defense (DOD), and National Geospatial Agency (NGA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
• Produce necessary evidence of compliance with NIST, DOD, and NGA security requirements to meet government standards.
• Collaborate with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
• Coordinate with subject matter experts (SMEs), internal teams, and external customers to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
• Analyze vulnerability scans of information systems and assist in remediation tasks.
• Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
• Facilitate or participate in meetings with stakeholders to discuss the status and efforts of SIS systems and report findings to the government.
• Prepare and submit bi-weekly system or program status reports to team leads and the government engineering team.
• Serve as an SME on one or more technologies/skills related to Assessment & Authorization (A&A) activities.
• Actively facilitate and participate in regular A&A status meetings with government and task order personnel to promote progress and address potential issues related to RMF system efforts.
• Participate in sessions to identify, plan, and execute strategies in response to emerging cybersecurity RMF policies.
• Maintain awareness of and knowledge of evolving security and risk management standards, including DOD and NGA policies, procedures, and regulations, and communicate relevant changes to existing processes.
• Ensure proper use of remote access connectivity from NGA to Background Investigation systems approved by NGA’s CIO-T office and maintained per NGA policies and procedures.
• Ensure that File Transfer Protocol (FTP) connections from NGA to the Background Investigation system meet NGA and NIST requirements.
• Ensure that site-to-site Virtual Private Network (VPN) tunnels are established based on NGA and DOD requirements.
• Ensure NGA-approved documentation of all interconnections with systems within the SIS footprint connected to NGA infrastructures.
• Audits on computer systems are conducted to detect, prevent, and document computer use and abnormalities.
• Report any attempts by unauthorized users to access SIS systems to the Information System Security Officer (ISSO) or Information System Security Manager (ISSM) and provide monthly logs to NGA.
• Ensure data is protected per NGA and DOD policies, standards, regulations, and procedures for the specified SIS systems.
• Coordinate the implementation of multiple security countermeasures, such as firewalls, access control, and auditing, to protect the integrity of information assets in SIS systems per accreditation standards using NIST’s Intelligence Community Directive (ICD) 503.
• Develop and update security policies and procedures to align with accreditation standards using NIST’s Risk Management Framework (RMF) and categorization methods.
• Ensure the security system is protected by implementing controls against malicious activities, including intrusion, tampering, and virus detection.
• Document specific equipment restrictions, including all required documentation on interconnections for SIS systems.
• Ensure that no personal computers, peripherals, or computers from other agencies not authorized by NGA’s CIO-T office are used across interconnections or on NGA networks.

Skills and Experience

 Required:

• An active TS/SCI clearance (with the ability to obtain a CI poly)
• Bachelor’s degree or equivalent experience in a related field, specifically in security engineering
• A minimum of 3 to 6 years of relevant experience
• Proficiency in Windows operating systems
• Experience with AWS services
• Familiarity with assessing systems using NIST 800-53 and DISA STIGs and SRGs
• Compliance with DOD 8070/8140 standards and CompTIA Security+ certification
• Competence in RMF package development, including the creation of POAMs (Mitigation Statements), security plans, and risk assessment systems, as well as site policies, procedures, processes, and architecture

Desired:

• Testing Security Test Cases for NIST 800-53 Security Controls
• Nessus & DISA STIG Remediation
• Troubleshooting system issues
• Linux Operating systems

Case Management Consulting is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, pregnancy, childbirth, lactation and related medical conditions, genetic factors, military/veteran status, or other characteristics protected by law.