Information Assurance Professional (IAP)

About The Position

Requirements

• Requires a Bachelor’s degree in Engineering, or a related Science, Technology or Mathematics field.
• Also requires 2+ years of job-related experience. or a Master's degree and 6 months of job-related experience.
• Department of Defense Secret security clearance is required at time of hire.
• Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
• Due to the nature of work performed within our facilities, U.S. citizenship is required.
• Proficient understanding of cyber security specifications such as Risk Management Framework (RMF), JSIG (Joint SAP Implementation Guide), ICD-503, NIST SP 800-53 .
• Exp erience implementing government security requirements to include technical computer/network system auditing
• Trained and proficient in Assured File Transfer (AFT) processes and tools
• Experience with various security assessment/hardening tools - STIGs, SCAP, ACAS, Nessus, etc.
• Systems administration experience is highly desirable
• Very strong writing, speaking, analytical, and customer service skills
• Ability to participate in or lead security work groups
• Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
• Maintains contact with external customer security professionals
• This role requires a technical background creating POA&Ms, developing corrective action plans, and writing security plans, policies, and procedural documentation (not just reviewing or performing documentation review)

Nice To Haves

• Demonstrated comprehensive knowledge of the NISPOM, JSIG, ICD -503, NIST SP 800-53 and CNSSI 1253
• DoD 8 140 IAM-I I level professional certification ( i.e. Security + CE, CAP, GSLC) or ability to obtai n within six (6) mo nths of hire .

Responsibilities

• Support system security categorization efforts
• Security requirements selection/analysis
• Security control assessments
• Perform continuous monitoring
• Executes or supports the execution of A&A activities, including development of required security documentation, including items such as System Security P lans, Security Assessment Reports , SCTM’s and POA& Ms in compliance with IA policy
• Perform weekly syst em audit reviews, media reviews, hardware/software configuration management
• Executes security testing and evaluation to ensure correct implementation of security controls
• Supports the a ssessment and mitigation of vulnerabilities throughout a system s life cycle
• Conduct IA security education training for all system users on appropriate risk mitigation strategies
• Perform incident response and cleanup actions, when necessary, per company or customer directions
• Ensure systems are operated , maintained, and disposed of in accordance with internal security policies and procedures outlined in the System Security Plan (SSP).
• Assume ISSM responsibilities as assigned by the Region Manager and/or in the absence of the ISSM