JOB DESCRIPTION:

The Information Assurance Engineer is responsible conducting research into fundamental computer and information science as theorists, designers, or inventors. You will develop solutions to problems in the field of computer hardware and software.
Project Specific: Responsible for all activities relating to information assurance procedures and systems. Develop information systems assurance programs and control guidelines. Confers with and advises subordinates on administrative policies and procedures and resolving technical problems, priorities, and methods. Consults with and advises other sections regarding internal controls and security procedures. Prepares activity and progress reports relating to the information systems audit function.

Position Responsibilities:

• Security Architecture and Design: Developing and implementing security designs for new or existing network systems, ensuring hardware, operating systems, and software applications meet security requirements. This includes creating and maintaining security policies, standards, and procedures.
• Vulnerability Management and Testing: Conducting vulnerability assessments, penetration testing, and risk assessments to identify and address weaknesses in systems and networks. This may involve using tools like ACAS, and SCAP.
• Compliance and Accreditation: Ensuring compliance with relevant security frameworks and regulations (e.g., FISMA, NIST, ISO 27001, FedRAMP). They are often involved in the Certification and Accreditation (C&A) or Risk Management Framework (RMF) processes using eMass.
• Incident Response: Leading or participating in incident response activities, including detection, containment, eradication, recovery, and reporting of security incidents.
• Security Tool Implementation and Management: Implementing and managing security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) systems, and endpoint security solutions.
• Security Documentation: Developing, updating, and maintaining security documentation, including System Security Plans (SSPs), Risk Assessments, and other compliance-related documents.
• Security Awareness and Training: Potentially contributing to the development and delivery of cybersecurity training programs and advising teams on security best practices.
• Continuous Monitoring: Monitoring IT environments for potential security threats and vulnerabilities.
• Research and Analysis: Staying abreast of emerging security threats, vulnerabilities, and industry best practices, and conducting research on new technologies and mitigation techniques.

QUALIFICATIONS:

• MA/MS degree with 10+ years of experience or Bachelor’s degree with at least 12 years of experience.
• DoD Secret Security Clearance
• CompTIA Security+ Certification, or equivalent

• Security Architecture and Design: Developing and implementing security designs for new or existing network systems, ensuring hardware, operating systems, and software applications meet security requirements. This includes creating and maintaining security policies, standards, and procedures.
• Vulnerability Management and Testing: Conducting vulnerability assessments, penetration testing, and risk assessments to identify and address weaknesses in systems and networks. This may involve using tools like ACAS, and SCAP.
• Compliance and Accreditation: Ensuring compliance with relevant security frameworks and regulations (e.g., FISMA, NIST, ISO 27001, FedRAMP). They are often involved in the Certification and Accreditation (C&A) or Risk Management Framework (RMF) processes using eMass.
• Incident Response: Leading or participating in incident response activities, including detection, containment, eradication, recovery, and reporting of security incidents.
• Security Tool Implementation and Management: Implementing and managing security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), Security Information and Event Management (SIEM) systems, and endpoint security solutions.
• Security Documentation: Developing, updating, and maintaining security documentation, including System Security Plans (SSPs), Risk Assessments, and other compliance-related documents.
• Security Awareness and Training: Potentially contributing to the development and delivery of cybersecurity training programs and advising teams on security best practices.
• Continuous Monitoring: Monitoring IT environments for potential security threats and vulnerabilities.
• Research and Analysis: Staying abreast of emerging security threats, vulnerabilities, and industry best practices, and conducting research on new technologies and mitigation techniques