Information Assurance Engineer

I

Input Technology Solutions

Information Assurance Engineer

Aberdeen Proving Ground, MD +1 location
Full Time
Paid
  • Responsibilities

    Basic Qualifications:

    An individual must meet the following criteria to be considered:

    • U.S. Citizen
    • Pass a background investigation
    • Possess an active TS/SCI security clearance
    • Education: Master’s degree (degree can be substituted with a Bachelor’s degree in a technical discipline and relevant technical experience)
    • Ten (10) or more years of relevant experience. Minimum 2 years of experience directly supporting a customer’s ATO/RMF process.
    • Possess DoD 8570-compliant security certifications to meet IAT II requirements (Security+ CE, CISSP, etc.)

    Job Highlights:

    Join our client's Information System Security Engineering team to help engineer systems that utilize existing and emerging technologies. In this role, you will perform the tasks in coordination with government personnel to provide the cybersecurity support services and solutions necessary to build, integrate, enhance, improve, modernize, implement, test, analyze, assess, sustain, and maintain the cybersecurity posture and capabilities.

    General Required Skills:

    • Proven experience using the eMASS or XACTA accreditation management software systems.
    • Demonstrated experience and familiarity with DoD and Army Cybersecurity Policies and Regulations and Risk Management Framework (RMF) Assessment and Authorization (A&A) process, including the provisions of ICD 503, the planning and execution of Security Test and Evaluation (STE), and Cybersecurity Test and Evaluation (CTE) events
    • Advanced experience with SELinux, Linux, and Windows server systems
    • Understanding of networking fundamentals and network protocols, like TCP/IP, SSH, SFTP, HTTP, and SCP
    • Experience with DoD RMF Steps 1-7, ICD 503, CNSSI 1253, and NIST Special Publications
    • Experience with the DoD Security Technical Implementation Guides (STIGS), Security Requirements Guides (SRG), and industry best practices for various applications
    • Experience with Assured Compliance Assessment Solution (ACAS) and Host-Based Security Suite (HBSS) applications
    • Knowledge of computer networking concepts and protocols, and network security methodologies.
    • Knowledge of cyber threats and vulnerabilities.
    • Knowledge of cybersecurity principles.
    • Knowledge of national and international laws, regulations, policies, and ethics related to cybersecurity.
    • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
    • Knowledge of specific operational impacts of cybersecurity lapses.

    Desired Skills:

    • Proficiency in interpreting and communicating government policy to a diverse audience.
    • Ability to multitask under pressure, using time management and organizational skills.
    • Specific experience working in both traditional on premises environments and cloud environments such as Amazon Web Services (AWS).
    • Experience accrediting IT systems against U.S. Government standards including NIST SP 800-53, CNSSI 1253, and the DISA STIGs, using frameworks like DoD RMF, ICD 503, or DIACAP.
    • Initiative in proactively identifying problems before they arise and creativity in proposing solutions.

    Key Job Functions:

    • Achieve ATOs across multiple government customers with minimal oversight.
    • Partner with engineers to analyze software, interpret security requirements, and plan effective control implementations.
    • Provide outstanding customer service, policy expertise, and high-quality documentation.
    • Serve as the primary in-person point of contact for one or more U.S. Government customers on cybersecurity and compliance requirements and questions.
    • Independently interpret the findings of vulnerability scanning utilities such as ACAS (Tenable Nessus) and SCAP (STIG benchmark) and manage a Plan of Actions and Milestones (POA&M) for remediation of findings.
    • Assist customers in identifying security solutions for the company's networks and virtual private networks, application systems, key public infrastructures, authentication, and directory services to ensure the security of the network and confidential data.
    • Perform vulnerability scans of networks to identify security vulnerabilities, provide remediation alternatives, and conduct security risk assessments to ensure compliance with corporate security policies and best practices.
    • Design enterprise and systems security throughout the development lifecycle; translate technology and environmental conditions (e.g., law and regulation) into security designs and processes.
    • Provide subject matter expertise and analysis to bridge the gap between high-level security requirements and policies and ensure their integration into information technology component products and information systems through purposeful security design or configuration.
    • Provide security consultation/guidance and engineering to PM product owners, customers, system owners, and developers, and maintain security process coordination within the Department's lifecycle management and governance process.
  • Locations
    Aberdeen Proving Ground, MD • Fort Belvoir, VA