Information Assurance Engineer

About The Position

Requirements

• Requires a Bachelors degree in Engineering, or a related Science or Mathematics field. Also requires 2+ years of job-related experience or a Master's degree.
• Ability to obtain a Department of Defense Secret security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required.
• Solid application of systems engineering concepts, principles, and theories.
• Solid understanding of verification and validation process.
• Skilled in communicating issues, impacts, and corrective actions to leadership.
• Demonstrated ability to clearly recognize and report relevant system security concerns and issues.
• Ability to participate in and contribute to multiple work groups.
• Proven ability to leverage technical expertise in the following:
• Nessus (ACAS) Vulnerability Assessment, installation, and management
• Security Technical Implementation Guide (STIGs) to identify, analyze, and remediate security threats
• Network and Systems Administration
• Implementing secure configurations based on NIST (800-53, 800-171) with Continuous Monitoring (CONMON) principles
• Must be able to obtain a Secret Clearance

Nice To Haves

• Knowledge of Risk Management Framework (RMF) is a plus

Responsibilities

• Perform regular vulnerability scans using ACAS to identify security weaknesses and vulnerabilities within the system.
• Analyze scan results and provide detailed reports on findings, including risk assessments and recommended mitigations.
• Implement and manage system security patching processes to ensure timely updates and compliance with security policies.
• Collaborate with cross-functional teams to address vulnerabilities and ensure the security of all systems.
• Develop and maintain documentation related to security compliance, vulnerability management, and patch management processes.
• Stay current with the latest cybersecurity trends, threats, and technologies to proactively protect the organization's assets.
• Ensure compliance with relevant regulatory requirements and industry standards (e.g., NIST, RMF, STIG, etc.).
• Conduct security audits and assessments to verify compliance with established security policies and procedures.
• Reviews results of vulnerability assessments and code reviews and informs management of vulnerabilities, risk and mitigation.