Information Assurance Security Engineer

TekSynap, Fort Belvoir, VA
Onsite

About The Position

We are seeking a Security Engineer to join our Prime Contract with the Defense Threat Reduction Agency. The IV&V Team is an independent third party who assesses and validates that agency systems have implemented the approved security control baseline. The Team acts as a trusted agent to the SCA and SCAR and supports the agency continuous monitoring program as necessary. This task includes such activities as cybersecurity policy review, interpretation, and applicability; cybersecurity policy development, strategic planning, and policy rollout; and compliance tracking, enforcement, and reporting.

TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive, well-planned information management environment. “Technology moving at the speed of thought” embodies these principles – the need to nimbly utilize the best that information technology offers to meet the business needs of our Federal Government customers.

We offer our full-time employees a competitive benefits package to include health, dental, vision, 401K, life insurance, short-term and long-term disability plans, vacation time and holidays. Visit us at www.TekSynap.com. Apply now to explore jobs with us!

The safety and health of our employees is of the utmost importance. Employees are required to comply with any contractually mandated Federal COVID-19 requirements. More information can be found here.

By applying to a role at TekSynap you are providing consent to receive text messages regarding your interview and employment status. If at any time you would like to opt out of text messaging, respond "STOP".

Requirements

  • Bachelor's (or equivalent) with 5 - 7 years of experience, or a master's and 3 to 5 years of experience.
  • eMASS / ACAS Training and Experience
  • In-depth knowledge of all NIST and CNSSI publications related to RMF and security controls for national security systems (NSS) and non-NSS systems.
  • Working knowledge of DoD Risk Management Framework (RMF), DoD IA guidance and policies, and NIST 800 series standards.
  • In-depth knowledge and hands-on experience with eMASS software supporting the RMF process.
  • Working knowledge of ACAS Security Center to include report generation and evaluation of vulnerability and discovery scans.
  • Working knowledge of STIG Viewer/eMASSter to validate STIG checklists and SCAP scans.
  • Minimum of DoD IAM III
  • Active DoD Top-Secret security clearance

Nice To Haves

  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • CAP (Certified Authorization Professional)

Responsibilities

  • Coordinate ATO kickoff meetings for IS authorizations and reauthorizations.
  • Work with system owners for system categorization and security control selection in accordance with NIST SP 800-53 and CNSSI-1253.
  • Provide guidance for DoD Information Technology Portfolio Repository (DITPR) and eMASS registration.
  • Support POA&M oversight for the agency to include reviews, approvals, status, mitigation, remediation strategies, and risk acceptance guidance.
  • Conduct continuous monitoring security control and technical review per agency schedule for all systems.
  • Support the Enterprise Reporting Service (ERS) Score Card submission and the associated monthly reporting requirements to DTRA leadership.
  • Facilitate quarterly POA&M and ConMON meetings with system owners and the AO, and conduct risk management meetings with system owners as needed.
  • Notify system owners for ATO, Interim Authority to Test (IATT), Annual Security Review (ASR), and Contingency Plan Test (CPT) due dates.
  • Experience in helping federal agencies manage risks associated with operating on-premise and cloud-based information systems in support of the RMF.
  • Advise the AODR, AO, and CISO on DoD RMF matters related to systems, based on the evaluation of security controls, technical findings, and artifacts.
  • Identify, communicate, and deliver concise, coherent narratives on key issues to peers and the AO/AODR.
  • Review ACAS metrics for all IS and ensure ACAS dashboard reflects accurate data.
  • Ability to work effectively within a team environment as well as independently.
  • Strong verbal and written communication skills.

Benefits

  • health
  • dental
  • vision
  • 401K
  • life insurance
  • short-term and long-term disability plans
  • vacation time
  • holidays