Princ Info Security Analyst - TS/SCI Req'd

USA, Las Cruces, New Mexico
Apr 24, 2017
May 26, 2017
General Dynamics
Full Time

Information Assurance Engineer

  • Serve as a technical team or task leader. Provide technical, administrative, and operational leadership to assigned task(s), including contract and subcontractor management.
  • Prepare presentations, attend customer meetings, serve as Information Assurance liaison.
  • Interact with vendors, other agencies, and other client staff on behalf of the client.
  • Conduct planning and provide recommendations to the client on task workload.
  • Participate in special projects in support of Customer requests.
  • Ensure artifact quality control of Security Assessment and Authorization (formerly Certification and Accreditation or C&A) documentation in XACTA.
  • Develop IT security policies, standards, and guidance.
  • Review and approve time cards.
  • Interview prospective candidates and provide assessments to HR/PM.

The Information Assurance Engineer will conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks, such as FISMA, ISO 27001, etc., and utilize all DHS automated tool sets. He/she will also ensure that the ISSOs have the necessary information throughout the lifecycle of each system. More specific responsibilities and tasks expected of this individual include:

  • Create documentation to support information system authorization/accreditation packages.
  • Develop technical security documentation, including the items needed to develop a complete System Security Plan (SSP).
  • Provide continuous monitoring support utilizing Security Analytics, EITA, ALERT, EVSS, HBSS and Red Seal for information systems.
  • Develop IT architecture deliverables, specific to information security countermeasure implementations, for operational systems and systems under development.
  • Develop IT security policies, standards, and guidance.
  • Ensure artifact quality control of Security Assessment and Authorization (formerly Certification and Accreditation or C&A) documentation.
  • Validate all information system security reporting.
  • Oversee the Plan of Action and Milestones (POA&M) process for assigned systems.
  • Review and monitor POA&Ms for each IT system.
  • Ensure timely POA&M updates to the XACTA database.
  • Ensure that the XACTA automated tool is utilized for conducting security assessment and authorization evaluations, and for reporting required IT security program status information.
  • Ensure DHS encryption policy is implemented and enforced.
  • Advise project managers on the implementation of DHS encryption standards.

Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

8-10 years of related experience in data security administration.

Must possess one of the following current certifications: CISSP or CASP.

Experience must include:

    • Strong knowledge of NIST 800-37 and other Risk Management Frameworks (DIACAP).
    • Extensive knowledge of the C&A process within the NIST Risk Management Framework and experience reviewing, advising on, processing, and maintaining A&A packages throughout the lifecycle of the system.
    • Knowledge of and experience reporting Information Assurance Vulnerabilities Messages (ISVMs) in compliance with Federal Guidelines.
    • Demonstrate competency in the use of DHS automated tool sets, including XACTA.
    • Exceptionally good written and oral communication skills.
    • Good interpersonal and consulting-type skills.
    • Desirable skills: scripting in Perl, SQL, Java, Unix/Linux.