ECS Tech Inc - posted 2 days ago
$90,000 - $120,000/Yr
Full-time • Mid Level
Washington, DC

ECS is seeking an Information Assurance Specialist to work in our Washington, DC office.

Overview

ECS is seeking a specialized Information Assurance Specialist to support the Department of State (DOS) Bureau of Diplomatic Technology (DT). This role sits within the Independent Security Control Assessment (ISCA) team and focuses on the technical assessment of high-value data systems. The ideal candidate will serve as a Technical Assessor responsible for executing vulnerability scanning, database security configuration analysis, and technical compliance auditing under NIST SP 800-53A Rev. 5. You will directly support RMF Step 4 (Assessment) by producing technical evidence, analyzing scan results, and verifying the security of mission-critical databases and infrastructure.

  • Conduct in-depth security configuration assessments of database management systems (DBMS) (e.g., Oracle, SQL Server, PostgreSQL) against DOS Configuration Guides, DISA STIGs, and CIS Benchmarks.
  • Analyze database permission settings, encryption implementation, and auditing configurations to verify compliance with NIST SP 800-53 Rev. 5 controls.
  • Perform manual validation of technical controls that cannot be fully assessed via automated scanning, ensuring comprehensive coverage of the system boundary.
  • Execute and analyze automated vulnerability scans using agency-approved tools (e.g., Tenable Nessus, dbProtect, AppDetective).
  • Analyze security tool reports to differentiate false positives from valid findings, determining actual residual risk based on the operational environment.
  • Correlate scan data with system inventory to ensure 100% asset coverage within the authorization boundary.
  • Develop the technical portions of Security Assessment Plans (SAP), identifying the specific tools and methods required for database and infrastructure testing.
  • Document objective evidence of findings, including screenshots, raw scan logs, and configuration exports, to support the Security Assessment Report (SAR).
  • Provide detailed remediation guidance to System Administrators and ISSOs to resolve technical findings and update Plans of Action and Milestones (POA&Ms).
  • Support Information Security Continuous Monitoring (ISCM) by performing periodic database scans and security impact analyses of changes to the data environment.
  • Verify the effectiveness of remediation efforts through regression testing and re-scanning of patched systems.
  • Clearance: Active Secret Security Clearance (Required).
  • Experience: 5+ years of Information Security experience, with a focus on technical assessments and vulnerability management.
  • Database Security: Proven experience auditing and securing major database platforms (SQL, Oracle, etc.) and interpreting DOS Configuration Guides and/or DISA STIGs for databases.
  • Vulnerability Scanning: Hands-on proficiency with scanning tools such as Nessus, Burp Suite, AppDetective, or similar vulnerability assessment solutions.
  • Framework Knowledge: Deep understanding of NIST SP 800-53A assessment procedures and how they apply to technical infrastructure.
  • Reporting: Ability to translate raw scan data into actionable risk findings for the Security Assessment Report (SAR).