Jacobs Jobs

Job Information

Jacobs Security Engineer in Crystal City, Virginia

Challenging Today. Reinventing Tomorrow.

We're invested in you and your success. Everything we do is more than just a project. It's our challenge as human beings, too. That's why we bring a thoughtful and collaborative approach to every one of our partnerships.

At Jacobs, we challenge the status quo and redefine how to solve the world's greatest challenges, transforming big ideas into intelligent solutions for a more connected, sustainable world.

Design your career with a company that inspires and empowers you to deliver your best work so you can evolve, grow and succeed – today and into tomorrow

Your Impact:

Jacobs is looking for a Security Engineer to support its federal client program in Crystal City, VA.

Duties/Tasks and Responsibilities:

• Responsible for the security of ITADD applications, to include: Incident response and recovery plans Cyber resiliency analysis and planning

• Web application and platform security testing

• Designs monitoring and alerting capabilities for anomalous activity in ITADD systems

• Monitors platform and application for anomalous activity in ITADD systems

• Understands application critical data and vulnerability points and Coordinates with industry partners to advise the government on security vulnerabilities and recommendations.

Here’s What You’ll Need:

Qualifications:

• Must have active Top-Secret Clearance with SCI eligibility

• 10 years of experience in software engineering, program design and implementation, configuration management, maintenance, integration testing, or information system engineering

• 5 years of experience in system security analysis and implementation; secure system engineering or design; and work in protocol and/or interface standards

• Must have experience completing ATO packages and NESSUS system scans.

Desired Requirements:

• 8+ years’ experience performing systems security assessments, preparing system security documentation (cloud platforms (SaaS, PaaS, IaaS) and enterprise servers) leading to successful security authorization of such systems.

• 8+ years IT Security experience with extensive knowledge in Risk Management Framework (RMF) supporting Assessment and Authorization (A&A).

• 5+ years IT Security experience interviewing project teams to elicit and complete system security plans (SSPs), FIPS 199, and other relevant documentation.  

• Provide oversight of security compliance and guidance for development, test, and production systems.

• Participated in the annual Contingency Plan and Incident Response tabletop or functional exercises.

• Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using a GRC system.

• Conduct cloud-based, vulnerability and STIG scans.

• Work with government stakeholders to resolve computer security incidents and vulnerability compliance.

• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plan)

• Ensure that Plans of Actions and Milestones or remediation plans are in place for vulnerabilities identified during risk assessment.

• Review Splunk audit logs and provide front-end support lightweight admin support.

• Nessus front-end application experience (i.e. create Active Scans, scanner configuration, schedule jobs).

• Provide security guidance to the PM and Tech Lead and participate in daily scrum meetings.

• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk.

• Enforce security policy compliance and mitigation of risks to an acceptable security level.

• Performs other related duties and assignments as required.

• Provide Configuration Management for security-relevant information system software, hardware, and firmware; Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

• Apply a full range of Cybersecurity policies, principles and techniques to maintain security integrity of information systems processing classified information.

• Familiar with external audit or data calls (FISMA, IRS).

#cjcyber

#justice

Jacobs is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, religion, creed, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, medical condition, marital or domestic partner status, sexual orientation, gender, gender identity, gender expression and transgender status, mental disability or physical disability, genetic information, military or veteran status, citizenship, low-income status or any other status or characteristic protected by applicable law. Learn more about your rights under Federal EEO laws (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) and supplemental language (https://www.eeoc.gov/sites/default/files/migrated_files/employers/eeoc_gina_supplement.pdf) .

DirectEmployers