Information Assurance Engineer

About The Position

Requirements

• U.S. citizenship and an active SECRET Government Security Clearance with the ability to obtain TOP SECRET, if needed.
• Security+ CE or other 8570 IAT level II certification.
• CISSP certification.
• Minimum 2 years of security implementation experience, including firewalls, IDSs, and encryption protocols.
• Understanding of networking concepts and cybersecurity related tools to include, Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) and Security Content Automation Protocol (SCAP), and vulnerability scanners.
• Experience collecting and analyzing performance data, developing metrics and presenting to Peraton and government leaders.
• Experience using tracking and reporting tools, such as Confluence, ServiceNow, and SharePoint.
• Experience using SIEM and scanning tools, such as Splunk, Nessus, Azure Sentinel.
• Demonstrates flexibility by managing multiple tasks and reprioritizing tasks – often to meet tight and periodically changing deadlines.
• Drives projects to completion in a fast-paced environment.
• Leverages strong written and verbal communications skills to prepare and present technical documentation to audiences with different levels of technical knowledge.
• Transitions seamlessly between being self-directed with limited supervision to being a team player who takes direction from others.
• 9 years with High School diploma; 7 years with AS; 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD.

Nice To Haves

• Linux, Windows, Splunk or other certifications relevant to the position.
• Experience with DevSecOps concepts, tools and automation skills.
• Familiarity with industry standard host-based security systems (HBSS) and Assured Compliance Assessment Solutions (ACAS).
• Experience applying DISA STIGs on Windows and Linux platforms.
• Experience creating and applying Windows GPO policies.
• Knowledge of various network vulnerability scanning and SEIM platforms (Nessus, Sentinel, Splunk.).
• Knowledge of A&A processes and authorization boundaries.
• Knowledge of current IT security best practices, system administration, networking, and OS hardening.
• Knowledge of the Independent Verification & Validation (IV&V) process.
• Mixed operating systems experience (Linux, Windows).
• Application security experience (e.g., OWASP Top 10).
• Experience with Cloudflare WAF.
• Understanding of TCP/IP and UDP protocols, network ports/protocols, and traffic flow.

Responsibilities

• Develop and maintain the Plan of Actions and Milestones (POA&M), Acceptance of Risk (AOR) and other required security documentation processes and procedures.
• Ensure appropriate response to security findings by coordinating activities with multiple operations teams.
• Provide process and remediation recommendations by leveraging knowledge and experience with Common Vulnerabilities and Exposures (CVE).
• Communicate technical findings clearly to technical and non-technical audiences, including project managers, systems engineers, developers, enterprise architects and senior management.
• Review and research vulnerabilities and provide guidance to engineers and respective OS admins to respond to vulnerabilities.
• Provide guidance on vulnerability and risk analysis, including current and emerging technologies and methodologies (including cloud security models).
• Write and implement technical security controls in cloud environments.
• Prepare documentation for new and existing systems and provide training or technical guidance.
• Serve as liaison to clients and participate in meetings to ensure client needs are met.
• Research and collaborate with teams to develop knowledge regarding the environment.
• Prepare reports on investigations, incidents, and other security-related matters.
• Recommend system-level solutions to resolve security.
• Provide security planning, assessment, and risk analysis.
• Ensure data integrity by evaluating, proposing, and providing guidance on appropriate software and hardware solutions while facilitating their implementation.
• Recommend and provide guidance on system enhancements that improve the performance, security, and reliability of the system.