Information Assurance Engineer/ISSO

About The Position

Requirements

• College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline
• Must be available to work 100% onsite in Sterling, VA.
• Certifications: minimum Security+ CE or equivalent
• Demonstrated knowledge of NIST Information Technology Security Special Publications (SP) 800 series, with emphasis on NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53A, “Guide for Assessing the Security Controls in Federal Information Systems”
• Professional Experience: 7+ years related technical experience
• Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement
• Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas
• Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness
• Experience with continuous integration tools and environments
• Demonstrated experience with DISA Security Technical Implementation Guide (STIG) implementation and Security Content Automation Protocol (SCAP) tool usage
• Active Top Secret clearance with SCI eligibility.

Nice To Haves

• CISSP or CASP preferred.

Responsibilities

• Perform all Information System Security Officer (ISSO) duties and responsibilities in accordance with DODI 8500.01, DODI 8510.01.
• Support development and analysis of Assessment & Authorization (A&A) and Life Cycle Management documentation of systems and/or networks.
• Prepare and maintain Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using eMASS, XACTA, or other approved A&A tools, including System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254, or the Authorizing Official (AO).
• Assist with the development and maintenance of all necessary A&A documents
• Provide coordination, tracking, and management through all aspects of the initial and recurring A&A processes.
• Conduct independent assessments of all required security controls including interviews, examinations, and testing and prepare the assessment findings report.
• Work with system owners to resolve findings and answer questions.
• Perform cybersecurity review and validation services for cybersecurity authorization deliverables and record results.
• Support the Risk Management Framework (RMF) process using applicable tools.
• Attend and participate in required meetings or teleconferences.
• Continuous monitoring and plans of action and milestones (POA&M) management.
• Work in a multi-task in a dynamic, fast-paced environment.
• Provide analytical, communication and troubleshooting skills that enable proactive and effective collaboration, including the ability to clearly articulate status and present to both customers and program leadership.
• Excellent written and verbal communication skills
• Strong collaboration skills and desire to work within a team
• Highly responsible, team-oriented individual with very strong communication skills and work ethic; self-starter

Benefits

• healthcare
• wellness
• financial
• retirement
• family support
• continuing education
• time off benefits