Junior Test & Security Information Assurance (IA) Engineer

About The Position

Requirements

• Demonstrated competencies in software development and the SDLC in python.
• Demonstrated understanding of software testing principles including test case design, defect management, and test reporting
• Hands-on experience or academic exposure to JIRA or similar defect tracking tools
• Familiarity with test automation concepts and scripting for test execution
• Foundational understanding of Information Assurance principles and vulnerability management concepts
• Familiarity with ACAS or similar vulnerability scanning platforms
• Basic understanding of STIGs and DoD security compliance frameworks
• Ability to write, test, and iterate scripts for system configuration and automation tasks in powershell, bash or similar.
• Familiarity with AWS or equivalent cloud environments for testing and development purposes
• Ability to produce clear, thorough, and professional technical documentation
• Understanding of Agile/Scrum, SDLC, and STLC methodologies
• Strong analytical skills including requirements analysis, root cause analysis, and risk assessment
• Clear and professional written and verbal communication skills for stakeholder reporting and team collaboration
• Department of Defense Secret security clearance is required at time of hire.
• Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information.
• U.S. citizenship is required.

Nice To Haves

• Experience with the BRIM Tool or equivalent vulnerability management processing tools
• Demonstrated experience packaging Linux scripts or applications into RPM packages for deployment
• Working knowledge of container security best practices and familiarity with NCDSMO container security guidance
• Prior experience working with PitBull mandatory access control systems in a classified or DoD environment
• Hands-on experience working across both software testing/QA and cybersecurity/IA functions
• Understanding of cross-domain solution environments and associated security requirements
• Demonstrated initiative in identifying process improvements and proposing innovative solutions
• Experience participating in or facilitating technical review cycles with subject matter experts

Responsibilities

• Execute test cases both manually and through automation tools, ensuring software performs as designed
• Accurately record and track test results across testing phases
• Reproduce and isolate defects and bugs to support effective debugging by development teams
• Perform regression testing after defect fixes to ensure no new issues are introduced
• Conduct smoke testing and sanity testing on new software builds before full test cycles begin
• Validate and verify that reported defects have been properly resolved
• Log clear, detailed defect reports in JIRA, the team's issue-tracking platform
• Assign appropriate severity and priority ratings to identified defects
• Collaborate directly with developers to investigate and resolve issues
• Track defects from initial discovery through full resolution and closure
• Analyze defect trends and contribute to root cause analysis efforts
• Maintain accurate and up-to-date test documentation throughout the project lifecycle
• Produce Test Summary Reports at the conclusion of each testing phase, summarizing results, metrics, and quality disposition
• Report test progress and key metrics to stakeholders in a clear, concise manner
• Maintain Requirements Traceability Matrices (RTM) to ensure all requirements are covered by corresponding test cases
• Identify opportunities to improve test processes and methodologies
• Actively contribute to the development and maintenance of automation frameworks and test infrastructure
• Support the establishment and maintenance of a vulnerability scanning cadence for the unclassified (unclass) lab environment
• Manage ACAS scanning activities including plugin management, scan execution, and results review
• Coordinate scanning schedules and remediation activities with the lab team
• Use and maintain the BRIM Tool (or equivalent) for vulnerability data processing within the VMP Plan
• Develop, iterate, and test scripts to automate the configuration of PitBull systems for ACAS scanning compatibility
• Work toward packaging automation scripts into RPM packages for streamlined, repeatable deployment
• Test automation scripts within the AWS cloud environment
• Review systems against applicable STIGs to assess compliance posture
• Identify non-compliant findings and coordinate with relevant teams to drive remediation
• Document compliance status and track remediation actions to closure
• Document and finalize the Least Privilege approach for scanning users, incorporating SME feedback through structured review cycles
• Deliver finalized IA documentation to the VMP Team
• Update and maintain the Container Best Practices document to incorporate input from the ASU Capstone project and NCDSMO container security guidance

Benefits

• highly competitive benefits
• flexible work environment where contributions are recognized and rewarded