Job Information
Crest Security Assurance LLC Security Engineer/ Architect in Fort Lee, Virginia
Provide support to the Security Architecture/Engineering Program (SAEP), which is responsible for ensuring design solutions addresses security requirements at a solution or system, network level, enforcing the implementation of common security services and security zones. Support design reviews in accordance with all applicable government directives, approved frameworks, industry standards, and best practices, including to: DoD Security Technical Implementation Guides (STIG), Instructions, Directions, policy, regulations, guides, NSA security guides, government directives, government approved frameworks, to ensure every DoD Information System and Computer Network provides Confidentiality, Integrity, and Availability.
Responsibilities:
Create a SAEP portfolio to encompass all security engineering or architecture projects to be maintained on the Cybersecurity collaboration repository.
Create a SAEP checklist/template for each system type to assess and validate information system security risks and vulnerability controls.
Provide SAEP program support.
Update the SAEP portfolio for:
```{=html}
``` - Newly assigned project with accompanying ITSM Service Request (SR).
Develop and document the current As-Is Common Security Architecture using a government approved framework.
Research and develop a To-Be Common Security Architecture and Engineering Framework recommending a framework and implementation schedule for government approval.
```{=html}
``` - Conduct a design review of government provided significant IT changes (Request for Change (RFC), Service Request (SR)) and generate a Project Design Review Report (PDRR) identifying the findings, violated security standard, evidence and recommended mitigation.
Conduct a design review of Emergency Changes and generate a Project Design Review Report (PDRR).
Represent cybersecurity in meetings and working groups for the proper review of: projects for Engineering, Architecture, or Requirements, Configuration Standards Board, new technologies, requester project reviews, Configuration Control Review Boards and Technical Analysis and Cost Estimates (TACE) project meetings; generate a Project Design Review Report (PDRR) identifying project overview, status in Development Lifecycle, and Security centric solutions or Courses of Action (COAs).
Integrate the approved Common Security Architecture and Engineering Framework into the Security Architecture and Engineering Program, processes, methodology and services and provide an updated analysis in the PDRR.
Provide Security architecture support to Enterprise Architecture planning and strategies.
Create, manage, and maintain a document central repository for SAEP program.
Create SAEP Program Metrics to measure progress towards SAEP goals, the quality of architecture products and management processes, compliance with the architecture, and SAEP return on investment, and obtain approval of these metrics for use in assessing the SAEP Program; provide a monthly SAEP Metrics Report.
Maintain a metrics repository which captures all pending, completed and new projects with accompanying ITSM SR.
EOE