An industry-leading contractor located in Bethesda, MD, is seeking an Information Assurance Engineer.
Perform system and application Assessment and Authorization (A&A)-related tasks including Risk Management Framework (RMF) package development, Cybersecurity (Information Assurance) controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology reviews/assessments.
Essential Job Requirements
- Reviewing information system (IS) architectures, operating mode, applications, data types, system boundaries, connections and other relevant information that will allow a full risk assessment.
- Determining the security requirements and providing a Requirements Traceability Matrix (RTM) to the Contracting Officer Representative (COR).
- Complying with the defined Security Authorization Process (SAP), consisting of:
  - Generating an information system initial risk assessment report;
  - Developing the security plan (SP);
  - Supporting the security control assessment plan, independent verification and validation, and independent audits.
- Obtaining, retrieving, compiling, and drafting documentation for inclusion to the SP.
- Ensuring that all drafts go through Quality Assurance Review prior to delivery.
- Verifying the accuracy of the SP, system architectural diagrams, and identity of the systems being accredited.
- Performing and conducting Test and Evaluation to ensure that system and software are compliant with all selected CCIs.
- Performing System Architectural Analysis, including reviewing network connections and interfaces, reviewing system application specification and requirements (specifically those relevant to system security), and reviewing other pertinent system development life cycle documentation.
- Determining if Personally Identifiable Information is stored, processed, or transmitted within the general support system.
- Assisting in the ongoing improvement of Information Assurance procedures for information system security.
- Supporting IVV testing for RMF accreditation.
- Assembling packages at the direction of the ISSM and ISSOs and providing copies of the package as needed.
Bachelor of Arts / Bachelor of Science degree from an accredited university.
- At least seven (7) years demonstrated experience supporting a software system’s Security Authorization process under the Department of Defense DIACAP and RMF processes.
- Experience providing support relative to Assessment and Authorization processes and DOD Cybersecurity (Information Assurance) directives.
- Familiar with DoD Cybersecurity directives, policy, instructions and orders.
- DoD baseline Cybersecurity certifications in accordance with DoD 8570.01-M for Windows Server (IAM Level II).
Excellent communication skills (verbal and written) required. Must be a US citizen and meet eligibility requirements for security clearance.
We are a VEVRAA Contractor/Priority Referral of Protected Vets