Job Directory Sr. Info Assurance Engineer/STIG/DIACAP/SCA/RedHat / 3rd quarter event req

Sr. Info Assurance Engineer/STIG/DIACAP/SCA/RedHat / 3rd quarter event req
Manassas, VA

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.


Job Description

Description:This is an event posting. We are looking to fill multiple software positions at multiple levels at our Manassas, Virginia site. Please apply directly and your credentials will be reviewed for consideration. If there is a potential fit with our needs, you will be contacted for an upcoming interview day.

This position is for an Information Assurance Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA. The Information Assurance Engineer will be responsible for designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems.

Play a key role in integrating security configuration procedures and tools on Linux platforms with minimal assistance. This includes evaluating requirements, selecting/implementing security controls, creating and/or reviewing installation procedures, conducting verification and validation of test procedures and script changes, tailoring and configuring security controls for specific product use, tailored platform hardening, application of application software and/or Operating System vulnerability patches, overall security assessment plan preparation, test procedure preparation, test execution and reporting, performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration.

Identify issues and recommend solutions for integration by the Operating System team and/or software development team. Perform Static Code Analysis (SCA) on software code base and work collaboratively with software developers to remedy any code that was constructed that reflects a weak security posture or deviates from secure coding best practices.

Collaboration with other key stakeholders such as the customer, program management, integrators and testers on the platform security will be required to improve the overall security posture. Act in a supporting role as the technical interface with customers, vendors, suppliers, and internal organization for related issues.

Support project schedule management, earned value management, and basis of estimate (BOEs) preparation. Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of federal mandates and system missions.

Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems.

Participate in architecture, design and code reviews and provide secure coding guidance and input to the software development team. Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Information Assurance Engineer Senior will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).

Basic Qualifications:

1. Minimum of current Secret clearance to start.

2. Experience in RedHat Linux as a very competent user (i.e., knowledgeable of some UNIX admin commands and functions).

3. Knowledge of remediation methods using various cyber security controls for systems and networks.

4. Understanding of the Certification and Accreditation process.

5. Prior experience working with the DISA Security Technical Implementation Guide (STIG).

6. Understanding of secure coding best practices and approaches to applying defensive security techniques.

7. Experience applying hardening to the system to improve the overall security posture.

8. Experience working with System Administrators and/or System Integrator applying software patches to the system (i.e., patch management duties)

9. Strong verbal and written communication skills.

Desired Skills:

1. Experience with or knowledge of the Risk Management Framework (RMF) and the DOD Information Assurance Certification & Accreditation Process (DIACAP) methods.

2. Software development experience in Java, Javascript or C++ and/or system administration experience in RedHat Linux

3. Experience using automated Static Code Analysis (SCA) tools along with manual code review.

4. Knowledge of DBMS and SQL (i.e. Oracle Database, MySQL, MariaDB).

5. Knowledge of OpenLDAP Directory Services and Domain Name Server (DNS)

6. Understanding of encryption concepts. Ability to communicate secure coding concepts and identify potential software defects/flaws.

7. Knowledge of Web Servers / Services (i.e. Apache HTTP/S, Apache and Tomcat) and web applications.

8. Familiarity with using Bash/Shell to produce hardening scripts and workable

knowledge of system scan analysis tools such as SCAP and ACAS to identify system vulnerabilities.

9. Risk Management Framework planning and implementation working experience is considered a plus.

10. Experience in application and OS hardening using Ansible or Puppet modules or an equivalent hardening technique (e.g., shell scripting, file overlays, package management, etc)

11. Cross-Domain Guard experience is considered a plus.

12. CISSP certification or the pursuit thereof is a plus.

12. The ability to work independently without much peer guidance.



Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Join us at Lockheed Martin, where your mission is ours. Our customers tackle the hardest missions. Those that demand extraordinary amounts of courage, resilience and precision. They're dangerous. Critical. Sometimes they even provide an opportunity to change the world and save lives. Those are the missions we care about.

As a leading technology innovation company, Lockheed Martin's vast team works with partners around the world to bring proven performance to our customers' toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and Internationally, with business locations in many nations and territories.


Experienced Professional

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.