Information Assurance Engineer, Arlington, VA
Apply online via the WESSGRP job site: https://wessgrp-online.ghg.com/public/appentry.jsp
The individual applying for this job should have a solid understanding of leadership, management, business continuity planning, auditing, risk management, and certification and accreditation (C&A). The individual should also have a strong working knowledge of industry (NIST), government, and DoD IA regulations and guidelines.
The individual will be a member of the Information Assurance team supporting the medical healthcare efforts, providing information assurance (IA) support for various applications and hardware. This support requires the individual to perform analysis, develop whitepapers, develop technical briefings and brief leadership on the efforts, perform evaluations of program artifacts, perform risk analysis, and define risk mitigation strategies. The individual will need to be able to work in a dynamic environment, remaining flexible to meet the needs of the organization. The individual will need to be able to provide recommendations, perform training, execute IA documentation reviews, evaluate systems based on the C&A boundaries, and perform system scanning (e.g. Retina, SCAP, APPDetective, etc.) in accordance with NIST and DIACAP requirements. The individual needs to be able to identify process improvements in support of developing an overarching IA program.
These efforts include the:
- Assessment of the system's security posture and compliance with STIGs.
- Ability to scan systems for compliance.
- Ability to support the development of IA strategies.
- Ability to work with system owners in developing security plans of action and milestones (POA&Ms).
- Support information assurance compliance analysis.
- Support the development of certification and accreditation plans, information assurance vulnerability assessment methods, and technology program methodologies
- Manage annual accreditation activities and re-accreditation efforts.
- Review the systems security risk assessments and determine the appropriate controls for risk mitigation.
- Create security awareness among the organization's staff and stakeholders.
- Work with other teams and members of the systems (e.g. System Admins, Config Mgmt, Network Engineers, Site Managers, Asset Management, Project Management etc.) to evaluate systems, establish and implement mechanisms for identifying, documenting and addressing security vulnerabilities.
- This position requires a final Clearance
- Certification Required:
Certified Information Systems Security Professional (CISSP)
- 5+ years of experience with information assurance, engineering, and/or operational support, supporting information operations, cyber operations, system administration, and systems security
- 5+ years of experience with C&A programs, developing POA&Ms, SIP, and DIP through DIACAP/NIST/FISMA guidelines
- 5+ years of experience supporting the healthcare industry, or 10+ years supporting DoD
- Thorough knowledge of applicable regulations, including DoD 8500.02, DoD 8510, NIST risk management framework
- Ability to complete security test events to evaluate IA compliance of a system against current STIGs through manual and automated methods in support of Windows, UNIX, database, web-based, or network components
- Experience with eMASS is a plus
- Paid time off (Holidays, Vacation, PTO and Sick)
- Comprehensive Medical, Dental and Vision Coverage
- 401(k) plan
Indeed - 12 months ago