Information Assurance Engineer

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a closely related field.
• Minimum 7 years of experience in federal information system security as ISSO, security lead, or security engineer for complex systems.
• Excellent written and oral communication skills, with proficiency in presentation development and technical documentation.
• Active certifications such as CISSP, CISA, CISM, or CCSP are required.
• Ability to obtain a government security clearance.
• Solid understanding of FISMA, OMB regulations, and NIST security standards.
• Proven experience in risk management and hands-on experience in identifying, analyzing, monitoring, and mitigating risks.
• Proficiency in vulnerability management, including patch management and regular system scanning.
• Strong background in ensuring the security of cloud-based and traditional hosting environments, focusing on FISMA and FedRAMP compliance.
• Cloud security knowledge in AWS and Azure.
• Capability of handling parallel tasks according to priorities in a fast-paced IT environment.

Nice To Haves

• DMV location is preferred.
• Incident response experience.
• Hands-on experience on Windows, Linux, and networking platforms.
• Experience deploying and customizing security tools to address threats and lower risk.
• Knowledge of networking and web protocols (TCP/IP, HTTP, TLS, REST).
• Understanding of modern cloud technology components and deployment patterns.

Responsibilities

• Have a thorough understanding of federal security requirements and guidelines (e.g., 800-53 Rev 5 and M-22-09) and explain implementation best practices.
• Be responsible for the security well-being of IT operating environments and manage security compliance.
• Conduct regular security assessments and audits, providing documented results and recommendations to senior management.
• Develop, update, and maintain security documents including System Security Plans (SSPs) and Risk Assessments.
• Create management-level security reports and present security status to customer stakeholders regularly.
• Familiarity with Cyber Security Assessment and Management (CSAM) and maintain controls under NIST SP 800-53 Rev. 5.
• Develop incident response exercise scenarios and lead their execution.
• Lead incident response team and conduct investigations in case of security breaches.
• Lead security authorization activities in compliance with FISMA and federal agency requirements.
• Conduct Continuous Monitoring in a hybrid multi-cloud environment for potential security threats and vulnerabilities.
• Stay updated with the latest security trends, threats, and mitigation techniques.

Benefits

• Flexible work schedule with remote work options.
• Opportunities for professional development and training.
• Health insurance coverage.
• 401k retirement savings plan.