Information Assurance Professional (IAP)

About The Position

Requirements

• Requires a Bachelor’s degree in Engineering, or a related Science, Technology or Mathematics field
• 5+ years of job-related experience, or a Master's degree plus 3 years of job-related experience
• Department of Defense TS/SCI security clearance is required at time of hire
• Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information
• U.S. citizenship is required
• Proficient understanding of cyber security specifications such as Risk Management Framework (RMF), JSIG (Joint SAP Implementation Guide), ICD-503, NIST SP 800-53
• Experience implementing government security requirements to include technical computer/network system auditing
• Trained and proficient in Assured File Transfer (AFT) processes and tools
• Experience with various security assessment/hardening tools - STIGs, SCAP, ACAS, Nessus, etc.
• Very strong writing, speaking, analytical, and customer service skills
• Ability to participate in or lead security work groups
• Must be a self-starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
• Maintains contact with external customer security professionals
• Technical background creating POA&Ms, developing corrective action plans, and writing security plans, policies, and procedural documentation (not just reviewing or performing documentation review)

Nice To Haves

• Systems administration experience is highly desirable
• Demonstrated comprehensive knowledge of the NISPOM, JSIG, ICD-503, NIST SP 800-53 and CNSSI 1253
• DoD 8140 IAM-II level professional certification (i.e. Security + CE, CAP, GSLC) or ability to obtain within six (6) months of hire
• Experience working with or familiarity with AI/ML models

Responsibilities

• Supports system security categorization efforts, security requirements selection/analysis, security control assessments and performs continuous monitoring
• Executes or supports the execution of A&A activities, including development of required security documentation, including items such as System Security Plans, Security Assessment Reports, SCTM’s and POA&Ms in compliance with IA policy
• Perform weekly system audit reviews, media reviews, hardware/software configuration management
• Executes security testing and evaluation to ensure correct implementation of security controls
• Supports the assessment and mitigation of vulnerabilities throughout a systems life cycle
• Conduct IA security education training for all system users on appropriate risk mitigation strategies
• Perform incident response and cleanup actions, when necessary, per company or customer directions
• Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures outlined in the System Security Plan (SSP)
• Assume ISSM responsibilities as assigned by the Region Manager and/or in the absence of the ISSM