Overview
On Site
USD 90,000.00 - 120,000.00 per year
Full Time
Skills
Information Assurance
Security Controls
Database Administration
PL/SQL
PostgreSQL
Encryption
Regulatory Compliance
Inventory
Authorization
RMF
Risk Management Framework
SAP
Testing
Continuous Monitoring
Impact Analysis
Regression Testing
Security Clearance
Information Security
Vulnerability Management
Database Security
Auditing
DOS
STIG
Vulnerability Scanning
Nessus
Burp Suite
Vulnerability Assessment
NIST SP 800 Series
Security Analysis
Reporting
SAR
CISSP
Certified Ethical Hacker
CISA
Oracle
Scripting
SQL
Python
Windows PowerShell
Data Collection
Cloud Computing
Database
Amazon Web Services
Remote Desktop Services
Amazon RDS
SQL Azure
SAP BASIS
Law
FOCUS
Job Details
Job Description
ECS is seeking an Information Assurance Specialist to work in our Washington, DC office.
Overview
ECS is seeking a specialized Information Assurance Specialist to support the Department of State (DOS) Bureau of Diplomatic Technology (DT). This role sits within the Independent Security Control Assessment (ISCA) team and focuses on the technical assessment of high-value data systems.
The ideal candidate will serve as a Technical Assessor responsible for executing vulnerability scanning, database security configuration analysis, and technical compliance auditing under NIST SP 800-53A Rev. 5. You will directly support RMF Step 4 (Assessment) by producing technical evidence, analyzing scan results, and verifying the security of mission-critical databases and infrastructure.
Key Responsibilities
- Database & Technical Assessment:
  - Conduct in-depth security configuration assessments of database management systems (DBMS) (e.g., Oracle, SQL Server, PostgreSQL) against DOS Configuration Guides, DISA STIGs, and CIS Benchmarks.
  - Analyze database permission settings, encryption implementation, and auditing configurations to verify compliance with NIST SP 800-53 Rev. 5 controls.
  - Perform manual validation of technical controls that cannot be fully assessed via automated scanning, ensuring comprehensive coverage of the system boundary.
- Vulnerability Scanning & Analysis:
  - Execute and analyze automated vulnerability scans using agency-approved tools (e.g., Tenable Nessus, dbProtect, AppDetective).
  - Analyze security tool reports to differentiate false positives from valid findings, determining actual residual risk based on the operational environment.
  - Correlate scan data with system inventory to ensure 100% asset coverage within the authorization boundary.
- RMF Step 4 Support:
  - Develop the technical portions of Security Assessment Plans (SAP), identifying the specific tools and methods required for database and infrastructure testing.
  - Document objective evidence of findings, including screenshots, raw scan logs, and configuration exports, to support the Security Assessment Report (SAR).
  - Provide detailed remediation guidance to System Administrators and ISSOs to resolve technical findings and update Plans of Action and Milestones (POA&Ms).
- Continuous Monitoring:
  - Support Information Security Continuous Monitoring (ISCM) by performing periodic database scans and security impact analyses of changes to the data environment.
  - Verify the effectiveness of remediation efforts through regression testing and re-scanning of patched systems.
Salary Range: $90,000 - $120,000
General Description of Benefits
Required Skills
- Clearance: Active Secret Security Clearance (Required).
- Experience: 5+ years of Information Security experience, with a focus on technical assessments and vulnerability management.
- Database Security: Proven experience auditing and securing major database platforms (SQL, Oracle, etc.) and interpreting DOS Configuration Guides and/or DISA STIGs for databases.
- Vulnerability Scanning: Hands-on proficiency with scanning tools such as Nessus, Burp Suite, AppDetective, or similar vulnerability assessment solutions.
- Framework Knowledge: Deep understanding of NIST SP 800-53A assessment procedures and how they apply to technical infrastructure.
- Reporting: Ability to translate raw scan data into actionable risk findings for the Security Assessment Report (SAR).
Desired Skills
- Certifications: One or more of the following is highly preferred: CISSP, CEH, CISA, or database-specific security certifications (e.g., Oracle Certified Professional).
- Scripting: Familiarity with SQL, Python, or PowerShell to automate data collection and configuration checks.
- Cloud Experience: Experience assessing database services in AWS (RDS) or Azure (SQL DB).
- Agency Experience: Prior experience supporting Department of State or DHS technical assessment programs.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.