Information Assurance Security Engineer - Huntsville AL - TS required to apply
About The Position
This role is within the OCIO's Cybersecurity Risk Management Unit and requires a Top Secret (TS) clearance to apply. The position is responsible for leading the implementation of the Security Assessment and Authorization (SAA) Program, as defined in section 2.0 and in the SAA PG. The work involves leading, mentoring, and supervising a team of contractor security professionals responsible for the end-to-end implementation of the Risk Management Framework (RMF) lifecycle for FBI IT systems. This includes overseeing activities within the Prepare step, guiding system categorization, advising on security control selection and implementation, and ensuring comprehensive security control assessments are conducted. The role also involves preparing risk management documentation, directing ongoing monitoring activities, and serving as a principal technical advisor on cybersecurity matters. Fostering a culture of security awareness and communicating status, risks, and improvement opportunities to leadership are key aspects of this position. Maintaining up-to-date knowledge of RMF, NIST guidance, and industry best practices is essential for continuous process improvement.
Requirements
- 10 years of experience in secure design, analysis, and test of information security systems and products.
- 10 years of experience applying methods, standards and approaches for ensuring the baseline security safeguards are appropriately implemented and documented.
- 10 years of experience creating and updating security test plans for detecting and mitigating risk to information systems.
- Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification required.
- Top Secret (TS) clearance required to apply.
Nice To Haves
- Cloud certification, preferred.
Responsibilities
- Lead, mentor, and supervise a team of contractor security professionals responsible for the end-to-end implementation of the RMF lifecycle for FBI IT systems.
- Oversee and coordinate activities within the Prepare step, ensuring roles, responsibilities, and risk management strategies are clearly defined and maintained.
- Guide system categorization efforts to ensure all information systems are appropriately classified based on mission/business impact and regulatory requirements.
- Advise on the selection, tailoring, and documentation of security controls aligned with system categorizations, Bureau risk appetite, and compliance requirements.
- Oversee the implementation of technical, operational, and management controls throughout system and application lifecycles, with a particular focus on quality and completeness of all deliverables.
- Ensure comprehensive security control assessments are planned, executed, and documented to validate the effectiveness of implemented safeguards.
- Prepare risk management documentation for system authorization and executive decision-making.
- Direct ongoing monitoring and continuous assessment activities, collecting metrics to adjust security strategies and ensure sustained compliance.
- Serve as a principal technical advisor on cybersecurity, bringing subject-matter expertise to risk analysis, incident response, system remediation, and audit support efforts.
- Foster a culture of security awareness, providing technical guidance and training to both team members and stakeholders.
- Track, report, and communicate status, risks, and improvement opportunities related to security engineering activities to leadership and stakeholders.
- Maintain up-to-date knowledge of RMF, NIST guidance, and industry best practices in support of continuous process improvement.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
