Overview DecisionPoint seeks a
Information Assurance Engineer - Senior to provide cybersecurity, compliance, and risk management support for Global Information Technology Support Services supporting the Military Surface Deployment and Distribution Command (SDDC) Deputy Chief of Staff for Information Management (G6). This position supports the security, assessment, authorization, monitoring, and compliance of SDDC information systems across classified and unclassified enterprise environments.
The Senior Information Assurance Engineer will provide experienced support for Risk Management Framework activities, eMASS documentation, vulnerability management, STIG compliance, POA&M tracking, cyber compliance reporting, and incident response. The role requires strong experience supporting secure DoD environments and coordinating cybersecurity activities across technical teams, Government stakeholders, ISSOs, ISSMs, system administrators, and program personnel.
This position is located at HQ SDDC, Scott Air Force Base, Illinois.
Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.
Duties & Responsibilities The
Senior Information Assurance Engineer will:
- Provide senior-level cybersecurity and information assurance support for SDDC systems, networks, and cloud-hosted business systems.
- Support RMF activities for the HQ SDDC Installation Campus Network and assigned business systems throughout the authorization lifecycle.
- Develop, review, update, and maintain RMF documentation, security artifacts, control implementation details, authorization packages, and supporting technical documentation.
- Maintain cybersecurity records in eMASS, including authorization status, control posture, assessment results, POA&Ms, system changes, and related artifacts.
- Support continuous monitoring through control assessments, change documentation, risk assessments, impact analysis, and security/privacy posture reporting.
- Lead or support vulnerability management, including analysis of ACAS, Nessus, SCAP, Fortify, STIG, IAVM, and other security findings.
- Develop, maintain, and track POA&Ms for vulnerabilities, RMF findings, STIG findings, IAVMs, and other compliance items.
- Support vulnerability reporting and remediation coordination, including weekly Vulnerability Index reporting and tracking of open Nessus or IAVM findings.
- Monitor STIG compliance, review manual and automated results, validate findings, and map STIG findings to applicable RMF controls.
- Support Cyber Tasking Order compliance, cyber scorecard reporting, audit support, compliance tracking, and cybersecurity posture reporting.
- Review firewall, list, PPSM, and related cybersecurity compliance requests and provide recommendations to Government cybersecurity leadership.
- Support incident response by reviewing suspicious activity, researching potential incidents, and assisting with response, containment, eradication, and recovery.
- Administer, configure, maintain, and report on cybersecurity tools such as HBSS, ACAS, NessSecurity Center, SolarWinds SEM, McAfee NSM, IDS sensors, Splunk, LogRhythm, or comparable tools.
- Coordinate cybersecurity activities with ISSOs, ISSMs, system administrators, network engineers, program offices, functional managers, and Government stakeholders.
- Maintain accurate compliance records, trackers, reports, technical documentation, and audit artifacts for inspections, assessments, authorizations, and Government reporting.
- Ensure cybersecurity activities comply with applicable DoD, Army, USTRANSCOM, SDDC, RMF, STIG, information assurance, and incident handling requirements.
Qualifications Clearance Requirement: - Must hold an active Secret clearance.
- Must be eligible to obtain and maintain required Common Access Card (CAC), facility access, system access, and Government network access.
Education: - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related technical discipline.
Experience: - Minimum 8 years of experience supporting cybersecurity, information assurance, RMF, vulnerability management, or compliance activities within DoD or federal environments.
- Experience supporting RMF authorization activities, system security documentation, control assessment, continuous monitoring, and ATO package development.
- Experience using eMASS to maintain RMF packages, document controls, track POA&Ms, update authorization information, and support assessment activities.
- Experience reviewing vulnerability scan results and coordinating remediation using tools such as ACAS, Nessus, SCAP, Fortify, or comparable DoD-approved scanning tools.
- Experience supporting DISA STIG compliance, including checklist review, finding validation, remediation coordination, and audit documentation.
- Experience developing, updating, and tracking POA&Ms for RMF controls, vulnerabilities, IAVMs, cyber findings, and compliance gaps.
- Experience supporting incident response, suspicious activity reporting, cyber compliance reporting, cyber scorecards, and coordination with ISSO, ISSM, or cybersecurity leadership.
- Experience coordinating cybersecurity activities across technical teams, Government stakeholders, and program personnel in mission-focused environments.
Technical Knowledge: - Knowledge of DoD cybersecurity policies, RMF, eMASS, DISA STIGs, POA&M management, IAVM compliance, continuous monitoring, and vulnerability management processes.
- Familiarity with cybersecurity tools such as ACAS, NessSecurity Center, SCAP, HBSS, McAfee security tools, IDS sensors, Splunk, SolarWinds SEM, LogRhythm, or comparable tools.
- Understanding of cyber compliance reporting, Cyber Tasking Orders, cyber scorecards, vulnerability index reporting, audit support, and authorization package maintenance.
- Knowledge of system security documentation, assessment procedures, control inheritance, ATO conditions, risk assessments, and security control validation.
- Understanding of secure configuration management, system hardening, patching, incident handling, firewall compliance, list review, and PPSM requirements.
- Ability to assess technical findings, evaluate operational risk, and recommend practical remediation actions to Government and technical stakeholders.
Certifications (Preferred): - Must hold applicable DoD 8140 / 8570 cybersecurity workforce baseline certification as required for the position.
- Must meet applicable PWS IA baseline and computing environment certification requirements, as validated against the DD254 and final RFP.
- Security+ CE, CySA+, CASP+, CISSP, or other DoD-approved cybersecurity certification preferred, depending on final labor category and access requirements.
Skills: - Strong analytical and problem-solving skills in cybersecurity and compliance-driven environments.
- Ability to lead cybersecurity documentation, assessment, remediation, and reporting activities with minimal oversight.
- Strong attention to detail when reviewing RMF controls, STIG checklists, vulnerability findings, POA&Ms, and audit artifacts.
- Ability to coordinate effectively with system administrators, network engineers, cybersecurity staff, Government stakeholders, and technical leads.
- Strong written and verbal communication skills for reporting risks, findings, remediation status, compliance posture, and recommendations.
- Commitment to protecting DoD information systems, supporting mission assurance, and maintaining continuous cybersecurity compliance.
Our Equal Employment Opportunity Policy - EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
- Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
- Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.
Never miss an opportunity! Create an alert based on the job you applied for.