Information Assurance Engineer

About The Position

Requirements

• Information Systems Assessment and Authorization analyst experience
• Experience supporting IT Service Management
• Experience with USTRANSCOM or similar command, control, communications & cyber systems directorates
• Experience with Cyber Security and Assessment Management (CSAM) system
• Experience with creating and maintaining modification documentation
• Experience maintaining waivers and Risk assessments for ISSMs
• Experience assisting ISSMs with security decisions
• Experience facilitating preparations for Contingency/Incident response assessments
• Experience performing and documenting risk assessments
• Experience analyzing security vulnerabilities and metrics
• Experience designing and developing Systems Security Plans
• Experience reviewing and validating System Test and Evaluation (ST&E) and Interim Authority to Test (IATT) reviews
• Experience reviewing and conducting NIST-based Self Assessments
• Experience developing POA&Ms
• Experience requesting risk acceptance for vulnerabilities
• Experience creating and tracking POA&Ms for mitigation of risks
• Experience designing and developing Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs)
• Experience developing and conducting System Test and Evaluations (ST&Es)
• Experience developing and conducting Independent Verification and Validation (IV&Vs)
• Experience utilizing the eMass tool
• Experience utilizing the PPSM tool and processes

Responsibilities

• Develop and coordinate all authorization documentation including the Systems Categorization, Systems Security Plan, and Systems risk assessment.
• Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system.
• Create and maintain all minor/major modification documentation.
• Maintain all waivers and Risk assessment for the ISSMs.
• Assist the ISSMs with decisions that affect security of their systems and networks.
• Facilitate preparations for all Contingency/Incident response assessments.
• Perform and document risk assessments, analyzing security vulnerabilities, and the metrics to measure the risks associated with those vulnerabilities.
• Design and development of comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the enclave systems.
• Review and validate System Test and Evaluation (ST&E) and Interim Authority to Test (IATT) reviews for new and/or legacy systems.
• Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
• Requesting risk acceptance for vulnerabilities that cannot be remediated or mitigated.
• Based on the risk profile, Create and track Plan of Action and Milestones (POA&M) for mitigation of risks identified via the ACAS and STIG processes.
• Design and development of Initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems Developing and conducting System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems.
• Utilize the eMass tool to manage the security profile for the system.
• Utilize the PPSM tool and processes to register ports protocols and services in use by the enclaves.