Job Directory Sr. Info Assurance Engineer/STIG/RMF

Sr. Info Assurance Engineer/STIG/RMF
Manassas, VA

Companies like
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About

Job Description

Job Description

This position is for an Information Assurance Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA.

The Senior Information Assurance Engineer will be responsible for designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems. Play a key role in integrating security configuration procedures and tools on Linux platforms with minimal assistance.

This includes:

* evaluating requirements
* selecting/implementing security controls
* creating and/or reviewing installation procedures
* conducting verification and validation of test procedures and script changes
* tailoring and configuring security controls for specific product use
* tailored platform hardening, application of application software and/or Operating System vulnerability patches
* overall security assessment plan preparation
* test procedure preparation, test execution and reporting --performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS)

and performing SCAP security assessment/configuration

* Identify issues and recommend solutions for integration by the Operating System team and/or software development team

Collaboration with other key stakeholders such as the customer, program management, integrators and testers on the platform security will be required to improve the overall security posture. Act in a supporting role as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Support project schedule management, earned value management, and basis of estimate (BOEs) preparation.

Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of federal mandates and system missions. Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503.

Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Participate in architecture, design and code reviews and provide secure coding guidance and input to the software development team.

Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Information Assurance Engineer Senior will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).

Basic Qualifications

1. Minimum of current Secret clearance to start.

2. Bachelors degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 years of professional experience; or 3 years of professional experience with a related Masters degree.

3. Experience in RedHat Linux as a very competent user (i.e., knowledgeable of some Linux, particularly Red Hat Enterprise Linux (RHEL), admin commands and functions).

4. Knowledge of remediation methods using various Cyber Security controls for systems and networks.

5. Understanding of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process.

6. Prior experience working with the DISA Security Technical Implementation Guide (STIG), Security Requirements Guides (SRGs), Security Content Automation Protocol (SCAP) / Open Vulnerability and Assessment Language (OVAL), and Cybersecurity Best Practices.

7. Familiar with system hardening approaches as a remediation to vulnerabilities.

8. Experience working with System Administrators and/or System Integrator applying software patches to the system (i.e., patch management duties)

9. Strong verbal and written communication skills.

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.