NASA IV&V Cyber Information Assurance Engineer
Reference
Job Type Full-time
Job Status Sourcing
Date Posted Wednesday, 21 February 2018
Location Fairmont, WV
Duration
Job Description

NASA Cyber Information Assurance Engineer


Job Location – WV -Fairmont


Requisition ID: 2017-38548


Category: Cyber Security


Description


MPL Corporation is seeking a Cyber Security Engineer to join our team of qualified, diverse individuals. This position will be located in Fairmont, WV.  We support NASA’s Independent Verification and Validation (IV&V) Program, primarily delivering analysis, validation and verification of safety-critical and mission-critical software for important NASA science and human exploration programs.


 


Roles and Responsibilities – as a member of the team:



  • Performs independent assessments (Ensuring that the cyber security architecture and design of the customer’s systems will be functional and secure with the ability to detect and respond to Cyber events) and penetration tests on development and large-scale operational environments. 

  • Provides security engineering, integration, technical assessments, and solutions to enable Defensive Cyber Operations.

  • Evaluates and applies government cyber security (e.g. NIST) policies and instructions.

  • Performs mentoring and training on cyber security and information assurance methodologies/techniques.   

  • Collaborates with cross-functional teams of security and systems analysts performing assessments and/or verification and validation analyses. 

  • Prepares presentations, reports, research, and other contract deliverables related to mission assurance analyses performed. 

  • Supports IV&V project lead directly as knowledgeable reviewer of IV&V security analysis products and services.  Participates in Risk Management process as it relates to execution of the mission assurance and/or IV&V projects and to the software/systems development project being evaluated by the IV&V team. 

  • Performs technical task planning and supports the Project Lead in the execution and control of the tasks.  Participates in selected programs, events, and meetings involving staff, Government customers, and visitors.  Work is performed on-site in Government facilities. 

  • Occasional travel will be required


Required Qualifications



  •  Experience in one or more of the following:Packet analysis, vulnerability scanning, code review, and network modeling.Experience with cyber threat hunting, indicators of compromise, and root cause resolution.

    • Security engineering and analysis, architecture, design, NIST, security controls, Certification & Accreditation (C&A), Assessment & Authorization (A&A), risk assessment, vulnerability and threat assessment.

    • Performing vulnerability assessments, independent security assessments, and penetration testing on mission-critical systems.

    • Selecting, implementing, documenting, and assessing NIST security controls on large complex mission-critical systems.

    • Writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.




  • Working knowledge of applying Cyber Security and Information Assurance techniques in all system development life-cycle (SDLC) phases.

  • Knowledge of operating systems internals (Linux, Windows, Solaris), network protocols and technologies, firewalls, web services, databases, scripting and programming languages (C/C++, Java, Perl, Python, Assembly).

  • Experience applying NIST 800-37 and 800-53 to development and operational systems.

  • Minimum of 9 years of experience with a Bachelor’s degree in Computer Science, Systems Engineering, Aerospace Engineering, Electrical Engineering, Computer Engineering, Information Systems, or other software-related engineering program, OR an additional 4 years of directly related experience in lieu of degree.

  • Excellent writing and communication skills are required, and ability to interact well in group meeting/working environments.  

  • Proficiency with MS Office (Word, Excel, PowerPoint, Outlook).

  • Must be able to obtain and maintain a TS/SCI Security Clearance


Desired Qualifications



  • CISSP or experience and expertise in the following domains: Access Control, Telecommunications and Network Security, Information Security Governance and Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operations Security, Business Continuity and Disaster Recovery Planning, Legal, Regulations, Investigations and Compliance, Physical (Environmental)

  • Experience with FedRAMP and 3PAO. Familiarity with UML, static code analysis tools, service oriented architecture, agile processes, project planning/integration, and business process engineering.

  • Security Certifications such as:   Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), Committee on National Security Systems CNSSI-4012, CNSS-4011, NSA-INFOSEC Assessment Methodology (IAM), NSA-INFOSEC Evaluation Methodology (IEM)

  • Experience and expertise with NASA or military programs involving ground communication systems security.

  • Experience and familiarity with the NASA Space Network, Tracking and Data Relay Satellites (TDRS), Space Network Ground Segment, Satellite Mission Operations, or other programs involving ground communications; COTS integration; network performance; software safety; and mission assurance.

  • Work experience with all major aspects of the systems/software development life cycle (requirements, design, implementation, and test) is required.  

  • Familiarity with software architecture, systems engineering, and verification and validation

  • Experience developing Red-Blue Team Cyber War Scenarios and Exercises and developing the environment/infrastructure to perform these exercises.

  • Experience developing training modules to support activities such as penetration testing and ICS vulnerability identification

  • Experience in building/advancing the capabilities of a functional Cyber Lab that includes network/server configuration, hardware procurement, simulation, and virtualization 

  • Understanding or past experience developing RSA NetWitness/YARA Rules

  • Active or prior TS or TS/SCI Security Clearance


MPL Corporation offers an excellent benefits package.  We are dedicated to providing the best possible economic and personal security for each employee.


MPL Corporation is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required.


Email resume to:  jobs@mpl.com

How to Apply
Email Resume To jobs@mpl.com

Go back to last page