Information Assurance Engineer

Latitude Inc.
Mclean, VA
Sep 27, 2021
Sep 29, 2021
Engineer, IT, QA Engineer
Full Time
Job Description

The Temporary Information Assurance Engineer will be part of small teams responsible for supporting the development and maturation of an Agency-wide information security program for a large civilian Federal agency, and will be a key team member leading security control assessments and monthly on-site IT security assessments.

The Information Assurance Engineer will be responsible for a variety of tasks including but not limited to:

- Conducting security control assessments and performing all required activities, including reviewing SSPs, conducting interviews, gathering evidence and creating SARs
- Maintaining a vulnerability management process for the Agency
- Coordinating data calls (FISMA, FMFIA, BDR, etc.) and managing monthly reports. CyberScope experience a plus
- Developing recommendations for security issues and vulnerabilities identified during security control assessments
- Managing POA&Ms, including milestone creation and update, POA&M auditing and closure
- Reviewing security policy and procedural documentation based on NIST guidance
- Analyzing vulnerabilities and other findings
- Providing administrative support to Xacta users
- CDM implementation and support

The Information Assurance Engineer will primarily use Agency-provided tools such as Xacta (Risk Management Framework support tool), CSAM, or RSA Archer to track and reconcile findings from the system assessments, audits, and vulnerability scans. The Information Assurance Engineer will work closely with senior agency security officials, system owners, information security officers and other stakeholders. Additionally, the engineer will support other security program functions such as audit efforts, continuous monitoring, risk management and responding to ad hoc data calls.

The candidate will possess a strong technical background with practical experience identifying and implementing remediation measures for system vulnerabilities, and a desire to be involved in establishing and maturing an Agency-wide information security program.

Additionally, the engineer may also be required to support:

- Authoring operational procedures
- Participating in peer review of deliverables
- Facilitating client meetings

Minimum Qualifications:

- Requires US Citizen or the ability to obtain a Public Trust Clearance
- 4 years or more of relevant job experience
- 3 years of experience writing and reviewing Security Systems Plan (SSP)
- Knowledge of Risk Management Framework (RMF), relevant NIST publications, FIPS guidelines
- Experience conducting 6-10 security control assessments each year
- 2 years of experience in taking a System Assessment and Authorization (SA&A) package from start to ATO
- Written and oral communication skills, including the ability to communicate complex technical issues to non-technical staff
- Experience applying, analyzing and assessing information systems and security controls using NIST SP 800-53, Revision 4
- Understanding of attack vectors and methodologies
- Knowledge of and experience with applying Common Weakness Enumeration (CWE) and Common Vulnerability Scoring System (CVSS)
- Experience working with perimeter technologies (e.g., firewalls, proxies, NIDS) and vulnerability management tools
- Demonstrated ability to prioritize and manage competing work assignments in a time-sensitive environment
- Ability to weigh business risks and enforce appropriate information security measures
- Strong interpersonal and communication skills
- Experience with composing professional email correspondence
- Demonstrated ability to solve problems using best practices and a systematic approach
- Experience with vulnerability management, patch management and configuration management best practices
- Knowledge and understanding of the system development lifecycle
- Experience working with Federal Information Security Management Act (FISMA) requirements and National Institute of Standards and Technology (NIST) guidelines

Required Tool Experience

- MS Office Suite (Word/Excel/Visio/Outlook)
- MS Access
- MS SQL

Preferred Tool Experience

- BigFix
- FoundStone Vulnerability Scanner
- Security Content Automation Protocol (SCAP)
- Symantec Endpoint
- Telos Xacta IA Manager
- CDM Dashboard/RSA Archer
- CSAM

Preferred Qualifications:

- Self-motivated and able to work independently and meet deadlines
- Interest in learning the concepts of business development and capturing new business
- Bachelor's degree
- CISSP, CISM or equivalent security certification
- Working knowledge of CMMI
- Working knowledge of ITIL
