Today
Secret
Unspecified
Unspecified
IT - Security
Rosslyn, VA (On-Site/Office)
Position Title: Information Assurance Engineer
Position Type: Onsite
Location: Rosslyn, VA
Clearance: TS
Responsibilities:
• Support system assessment & authorization (A&A) activities, to include pre-assessment control reviews, artifact gathering, system security and associated plan updates, and other documentation review and updates.
• Support creation and maintenance of Federal Risk and Authorization Management Program (FedRAMP) cloud solutions documentation.
• Perform security control reviews of facilities, systems, and applications to support the continuous monitoring strategy plan and annual reviews. Identify and track findings and POA&Ms.
• Support and initiate the incident response process in accordance with guidelines.
• Assist System Owner and support staff by providing timely advice, guidance, and templates to complete required tasks and documentation
Requirements:
• 7-10 years of federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements. IAT Level II or equivalent.
• Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions
• Complete understanding of Department of Homeland Security Continuous Diagnostics and Mitigation (DHS CDM) program requirements and implementation requirements at a general level
• Experience in host-based and network-based security tools, analyzing alerts, and initiating the incident response process, working with operations team and management to analyze and categorize level of threat, take appropriate and timely actions to mitigate threat and associated vulnerabilities
• Understanding of operating in multi-network environments that are multi-tiered and risks associated with this type of network architecture
• Demonstrated experience working with security information management (SIM) and/or security information and event management (SIEM), user behavior analysis (UBA), anti-malware tools
• Demonstrated experience with cloud hosted infrastructure and applications environments such as Microsoft Office 365 and Microsoft Azure.
• Understanding of threats specifically related to mobile users and mobile devices
• Experience in researching different types of technical security threats and recommending mitigating actions
• Proficient in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership
• Familiar with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes
Desired:
• IAT Level III, Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM), PMP
Position Type: Onsite
Location: Rosslyn, VA
Clearance: TS
Responsibilities:
• Support system assessment & authorization (A&A) activities, to include pre-assessment control reviews, artifact gathering, system security and associated plan updates, and other documentation review and updates.
• Support creation and maintenance of Federal Risk and Authorization Management Program (FedRAMP) cloud solutions documentation.
• Perform security control reviews of facilities, systems, and applications to support the continuous monitoring strategy plan and annual reviews. Identify and track findings and POA&Ms.
• Support and initiate the incident response process in accordance with guidelines.
• Assist System Owner and support staff by providing timely advice, guidance, and templates to complete required tasks and documentation
Requirements:
• 7-10 years of federal government knowledge and experience in applying and implementing the NIST Risk Management Framework and Special Publications 800-53, 800-37; FedRAMP, NIST Cybersecurity Framework, and other FISMA requirements. IAT Level II or equivalent.
• Experience in configuring and running vulnerability and configuration compliance (SCAP) scans, troubleshooting issues, and analyzing data to identify trends and recommend remediation actions
• Complete understanding of Department of Homeland Security Continuous Diagnostics and Mitigation (DHS CDM) program requirements and implementation requirements at a general level
• Experience in host-based and network-based security tools, analyzing alerts, and initiating the incident response process, working with operations team and management to analyze and categorize level of threat, take appropriate and timely actions to mitigate threat and associated vulnerabilities
• Understanding of operating in multi-network environments that are multi-tiered and risks associated with this type of network architecture
• Demonstrated experience working with security information management (SIM) and/or security information and event management (SIEM), user behavior analysis (UBA), anti-malware tools
• Demonstrated experience with cloud hosted infrastructure and applications environments such as Microsoft Office 365 and Microsoft Azure.
• Understanding of threats specifically related to mobile users and mobile devices
• Experience in researching different types of technical security threats and recommending mitigating actions
• Proficient in writing and maintaining system security plans, information security policies, and official memorandums intended for executive leadership
• Familiar with use of Information Technology Infrastructure Library (ITIL), Capability Maturity Model Integration (CMMI), and/or Project Management Professional (PMP) processes
Desired:
• IAT Level III, Certified Information Systems Security Professional/Certified Information Security Manager (CISSP/CISM), PMP
group id: 91113162
