Information Assurance Engineer - C

About The Position

Requirements

• Active Top Secret/SCI Security Clearance is required
• IT/Computer Science/Cyber Security Bachelor's (or equivalent) with 10 - 12 yrs of experience or a Master's with 8 - 10 yrs of experience.
• IAM Level III - IAW DoD 8570 Baseline Certifications
• 3 years of experience at the Senior or SME level for Information System Security Engineer, Information Systems Security Manager, Information Systems Security Officer; or 5 years’ experience with RMF, NIST, FISMA, and POA&Ms from a theoretical, practical, and best practice perspective.
• Experience with Cloud environments and cybersecurity requirements.
• Experience using a combination of IA and IT related skills. For this position knowledge and practical experience for the IT/RMF side versus IT/Systems Integration is weighed equally.
• Experience in a role or implementer within the RMF Assessment and Authorize (A&A) process is a must.
• Experience developing, executing, reviewing, and documenting security control test plans and implementation statements.
• Experience investigating and documenting system topology in OV-1 or similar diagrams, to include: Internal/External Ports, Protocols, Internal/External interfaces, Hardware, Software, Cryptography
• Experience with security hardening requirements in accordance with DoD and vendor guidance.
• Experience in vulnerability analysis and patch remediation.
• Knowledge and experience applying security requirements related to applicable control overlays (e.g., Privacy, Classified, Cross Domain Solutions, etc.)¬
• Strong written and verbal communications skills and the ability to interact with people at all levels are required.
• Professional attitude regarding attention to detail and customer service and excellent organizational skills are required.
• Ability to pay strict attention to detail with an emphasis on high quality of deliverables.
• Demonstrated ability to work tasks autonomously.
• The successful candidate must meet eligibility requirements to access sensitive information, which requires US citizenship.
• Telos maintains a drug-free workplace and will conduct drug testing on all applicants who have accepted an offer of employment.
• Telos Corporation participates in the E-Verify program. Therefore, any employment with Telos will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States.

Nice To Haves

• Prefer understanding of policies related to RMF (NIST SP 800-53, CNSSI 1253).
• Prefer experience using the Air Force RMF mandated eMASS and Xacta tools.
• Prefer experience supporting systems in SCI and SAP environments.
• Prefer experience with DISA Security Technical Implementation Guidance (STIG) and Security Requirements Guides (SRG).
• Prefer experience with vulnerability management tools (i.e. ACAS) to validate compliance with security and patch management requirements.
• Prefer experience with operating systems such as Red Hat Linux (primary) Windows (secondary).
• Prefer experience with Amazon Web Services Solutions experience and/or certification

Responsibilities

• Learn and become familiar with the Xacta IA Manager Software Suite and Enterprise Mission Assurance Support Service (eMASS) tools.
• Responsible for entering security aspects of systems, software, applications, DevSecOps and associated RMF A&A data consistent with RMF ISSM responsibilities.
• The position will provide "day-to-day" support for Unclassified, Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
• The candidate will be required to conduct “walkthroughs” of enterprise systems, applications, and DevSecOps projects to collect required artifacts in support of the initial NIST RMF A&A and subsequent continuous monitoring activities.
• The candidate will be responsible for the performance of security control assessment planning and execution in compliance with client policies and procedures with minimal supervision.
• The candidate will have had prior experience working with a wide variety of technologies, be well versed in the current state of information security and be able to interpret requirements of relevant governing bodies (e.g., NIST, CNSSI, JSIG, OMB, GAO, etc.).
• The candidate will utilize Xacta and eMASS to produce Body of Evidence (e.g., System Security Plan (SSP), Risk Assessment Report (RAR), specific POA&M portions, vulnerability reports, etc.) that meets local requirements while maintaining compliance with higher-level governance (e.g., NIST, FISMA, etc.).
• Develop and manage multiple RMF projects in the DAF and AF IC RMF tools such as eMASS or Xacta IA Manager Suite.
• Work with the customer to gather FedRAMP artifacts that will be used to support DAF and AF IC AO risk decisions.
• Perform system auditing, vulnerability risk assessments, hardware/software configuration management, and investigations on cybersecurity related security violations/incidents.
• Develop system documentation for information system authorization, security management, and continuous monitoring for assigned systems.
• Assist with providing cybersecurity education and training for all system users on appropriate risk mitigation strategies.
• Interface with internal/external customers to identify requirements and provide problem resolution.
• Perform other administrative and support functions as needed.

Benefits

• generous paid time off
• medical
• dental
• vision
• tuition reimbursement
• 401k