Information Assurance Engineer
Job Description

Job Title: Information Assurance Engineer
Location: Alexandria, VA (Must be local)
Security Clearance: Public Trust (Must be a US Citizen)
Job Type: Full-time
Travel: Some travel required

Position Overview:
The Information Assurance Engineer will be responsible for assisting and conducting FISMA-driven security assessments on Federal Information Technology systems. At a minimum, you must have a sound working knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4, and the Risk Management Framework (RMF) process outlined in the NIST SP 800-37, Revision 1. You will document all assessment and test results, be able to convey these findings to technical and non-technical audiences, and analyze the results of vulnerability scans and/or penetration testing.

Duties and Responsibilities:
Essential duties and responsibilities include the following. Other duties may be assigned.
Using the NIST Risk Management Framework (RMF) to conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps.
Reviews security controls in accordance with the NIST SP 800-53 controls and generates compliance status reports; Publications, FIPS, FedRAMP, and other federal regulations and policies.
Evaluates new IT systems involving software, hardware, configuration, and proposed changes to ensure IT security posture is in compliance with existing information security policies and regulations;
Collects evidence to support implementation of system baseline security controls and performs analysis on evidence to ensure compliance with the systems security plan and risk management framework designs;
Coordinates resolution of system deficiencies and POA&M findings with other Department offices, as required;
Prepares plan of action and milestones (POA&M) reports to record system deficiencies and findings for all DS applications
Reviews and validates system configurations to ensure that a suite of security and compliance software, hardware and related toolsets are in accordance with appropriate risk management framework design;
Performs continuous monitoring activities on new and existing systems and networks

Job Qualifications:
Must be eligible to work in the US.
CompTIA Security+ certification
Bachelor's degree in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines.
4+ years of experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice.
Knowledge of Federal Government C&A practices and policies, particularly NIST SP 800-53; NIST-800-37; FIPS-199; and FIPS-200
Experience with vulnerability assessment scanning tools and reporting.
Experience with UNIX/Linux systems
Ability to work independently and also collaborate closely with application developers, engineers and others.
Must be self-motivated and results oriented.
Effective written and oral communication skills.

Preferred Skills:
ISC2 CAP certification
Familiarity with applying STIGs/hardening/best practice guides to information systems
Previous role as an SCA at a federal agency
Familiarity with interpreting complex system/network architecture diagrams

Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.