INFORMATION ASSURANCE SPECIALIST
Location: Arlington, VA (Pentagon City/DEA HQ)
Utilize the policy, directives, instructions, and guidance of the Office of Management and Budget (OMB), Department of Justice (DOJ), National Institute of Standards and Technology (NIST), the Committee on National Security Systems (CNSS), and the Director of National Intelligence (DNI) to evaluate the proper incorporation of security standards into information technology systems on behalf of the Drug Enforcement Administration (DEA) Certification Official in the preparation of evaluations, assessments, and reviews. This position is responsible for certification and accreditation package reviews, including System Security Plans, IT Contingency Plans, Plans of Action & Milestones (POA&Ms), and Risk Assessments; reviews and recommendations regarding system change requests; review and interpretation of vulnerability and compliance scan results; development of information security policies; and research of risk-mitigating technical solutions.
Documented knowledge of the policies, instructions, regulations, and guidance of NIST, CNSS, and DNI; experience developing and reviewing certification packages; experience drafting, reviewing, and planning resolution/mitigation of POA&M weaknesses; experience interacting with and making recommendations to senior Federal staff regarding risk mitigation; experience analyzing and recommending system change requests; experience performing information assurance audits on system documentation, hardware, and software; and the ability to communicate effectively orally and in writing.
General Experience: Five (5) years of experience in the integration and implementation of information assurance policy, regulations, and doctrine.
Information Security Specialized Experience: Five (5) years of experience using security policies, standards, procedures, guidelines, and best practices from areas such as FISMA, NIST, and NSA. Experience in incident detection, analysis, coordination, and response; auditing systems, databases, and applications; vulnerability assessments and compliance monitoring; experience in vulnerability assessments and incident response handling; working knowledge of computer hardware (PDA, desktop, server, and peripherals), operating systems, applications, and databases (single user through enterprise); knowledge of information security products, regulations, standards, and guidelines; experience in network monitoring using host-based and network-based intrusion detection systems; knowledge of incident response handling policy and procedures; and knowledge of intrusion detection systems and other information security products, regulations, standards, and guidelines.
Information Technology Experience: Five (5) years of experience integrating, developing, evaluating, or deploying security products in enterprise-level technology upgrades.
An advanced degree in Computer Science, Information Systems, Engineering, Business, or other related scientific/technical discipline may be considered equivalent to two (2) years general experience or two (2) years information security specialized experience. Certificates such as Microsoft’s MCSE may be considered equivalent to two (2) years of general experience and two (2) years of information technology experience. The CISSP certificate may be considered equivalent to five (5) years of information security specialized experience.
Must hold an active Secret or higher clearance and be able to successfully complete a DEA background investigation.