Information Assurance Engineer II - Frederick, MD
We are looking for your experties!
The Information Management Division (IMD) is USAMRIID's primary provider of Information Technology support, systems, and services. GDIT is seeking an informaiton assurance engineer to provide IA management support services, with the sole purpose of maintaining a secure cyber security posture, as prescribed by AR 25-2, Information Assurance. The Contractor shall assure the Institute is adhering to all relevant DoD, Army, Federal, and other relevant regulations and requirements. The implementation of IA within USAMRIID's research program must be delicately balanced to comply with regulations and policies, yet retain the greatest flexibility possible to provide researchers an optimal secure IT environment in which to conduct their research. The Contractor shall understand and apply regulations, policies, standard operating procedures, and other documents that relate to IA and cyber security and shall remain compliant with changes in all applicable requirements. Specific tasks include:
- Enforce the Army IA security and training program. Ensure all users have completed the mandated awareness training as required. Maintain IA training and certification records for all personnel. A monthly training compliance report will be delivered to the IA branch chief on the last business day of each month.
- Enforce Information Assurance Vulnerability Management (IAVM) dissemination, reporting, compliance, and verification procedures as described in regulations, policies, and Army Best Business Practices. IAVA compliance will be measured against metrics included in scorecard reporting.
- Complete all scorecard reporting requirements. Scorecard reporting is to be delivered to the IA branch chief no later than 3 working days before scorecard due date.
- Report security violations and incidents to the servicing RCERT in accordance with Incident and Intrusion Response policy. At a minimum, an executive summary for all incidents must be completed no later than 24 hours after IA has been notified of an incident.
- Prepare the institute for IT security inspections, assessments, tests, and reviews using available Army approved products, checklists, and programs. Assessment reports regarding IA readiness for any inspection will be delivered to the IA branch chief as needed prior to inspections, assessments, tests, or reviews.
- Verify that all ISs within the scope of responsibility are properly certified and accredited in accordance with DIACAP and CM policies and practices before operating or authorizing the use of hardware and software on an IS or network.
- Maintain a repository for all systems Assessment and Authorization (A&A) documentation and modifications, version control, and management of GOTS, COTS, and non-developmental items (NDIs) for USAMRIID. Conduct semi-annual reviews of all ISs and networks to ensure no security changes have been made to invalidate the Authorization to Operate (ATO). Review all IA ATO support documentation packages and system fielding, operations, or upgrades requirements to ensure accuracy and completeness, and that they meet minimal risk acceptance standards. Results and recommendations resulting from the semi-annual review will be delivered to the IA branch chief.
- Conduct risk assessment for all incoming systems (major IT systems) and make recommendations regarding additional protection mechanisms necessary prior to operation of the incoming ISs.
- Maintain baseline and computing environment certifications based on current Army Training best business practice. Contractor is responsible for all certification related maintenance fees and costs.
- Submit and track all software Certificate of Networthiness (CoN) submissions. Report CoN status for required scorecard reporting as needed.
- Implement and maintain all locally required IA guidance, policies, procedures, and regulations. Annual review of policies and revise as needed. Submit report of annual review to IA branch chief.
- Ensure that IA personnel are maintaining and auditing access and log data using approved and available tools. Audit logs will be reviewed weekly.
Assist, support, and report to USAMRMC and NEC IAMs as directed by the IA branch chief.
- Provide IA security guidance to Help Desk and Technicians as needed.
- The contractor will ensure that 100% of USAMRIID users have completed CURRENT training requirements for Cyber Security, as defined in AR25-2. The contractor will use the Army Training and Certification Tracking System (ATCTS) to record IA training status of all USAMRIID personnel. Contractor will ensure that personnel are notified prior to expiration of training. Contractor will ensure that personnel have the necessary system access to complete training in a timely manner.
- Provide administrative support to USAMRIID Security manager during events that involve cyber security threats or attacks.
- Report security violations and incidents to the USAMRIID Chief Information Officer (CIO) in accordance with regulations and policies
- Perform Personal Information Assessments (PIA) as needed to ensure that no Personally Identifiable Information (PII) is at risk in any systems.
- Provide on-call support during non-business hours.
- Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
- 5-8 years of related experience in data security administration.
- Positively adjudicated SSBI-SF86 investigation
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.