Information Assurance Engineer

About The Position

Requirements

• Requires a Bachelors degree in Engineering, or a related Science or Mathematics field. Also requires 2+ years of job-related experience or a Master's degree.
• Department of Defense TS/SCI security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required.
• Basic understanding of the NIST SP 800-53/JSIG
• documentation such asSecurity Assessment Reports, SCTMs and POA&Ms
• Experience with Risk Management Framework (RMF) and compliance automation tools
• Experience with various system security assessment/hardening tools - SCAP Compliance Checker, STIG Viewer, ACAS/Nessus, etc.
• Self-starter with the ability to operate independently with minimal supervision

Nice To Haves

• Outstanding communications skills
• Ability to work collaboratively in a cross-functional team throughout the system life cycle
• DoD 8570 or 8140 Certification meeting IAM Level II (e.g., CISSP, CGRC, etc.)
• Demonstrated comprehensive knowledge of the DAAPM, NIST 800-53, and NIST 800-171

Responsibilities

• Maintain government compliance for information systems as an Information Systems Security Officer in accordance with Program Requirements and the JSIG/NIST 800-53
• Execute or support the execution of A&A activities, including development of required security documentation, including items such as System Security Plans, Security Assessment Reports, SCTMs and POA&M
• Work closely with other ISSOs, the Information Systems Security Manager (ISSM) and Facility Security Officers (FSO).
• Perform weekly system audit reviews, media reviews, hardware/software configuration management
• Execute security testing and evaluation to ensure correct implementation of security controls
• Support the assessment and mitigation of vulnerabilities throughout a system's life cycle
• Conduct IA security education training for all system users on appropriate risk mitigation strategies
• Perform incident response and cleanup actions, when necessary, per company or customer directions
• Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures outlined in the System Security Plan (SSP)