Information Assurance/Security Engineer, L4
Company: Soundway Records
Location: Herndon
Posted on: November 11, 2024
Job Description:
CLEARANCE
TS/SCI w/CI Poly
LOCATION
Onsite Herndon, VA
TRAVEL
None
JOB DESCRIPTION
The Information Assurance/Security Engineer, Level 4 (ISSO), plays
a vital role in supporting the security and compliance of
information systems within an Intelligence Community (IC)
environment. This position involves the design, implementation, and
continuous monitoring of security controls to ensure the integrity,
confidentiality, and availability of mission-critical systems and
data. As an ISSO, you will be responsible for defining security
requirements, conducting vulnerability assessments, implementing
Security Technical Implementation Guides (STIGs), and supporting
security authorization processes in alignment with NIST Risk
Management Framework (RMF), FISMA, and other industry
standards.
In this role, you will engage in a range of activities to safeguard
systems, including configuring security tools such as Splunk,
developing Security Test Procedures (STPs), conducting risk
analysis, and providing security oversight in Agile development
settings. Your work will also include collaborating with system
administrators and architects to identify and resolve
vulnerabilities, ensuring compliance with regulatory requirements,
and supporting reporting to key IC and DoD authorities. You will
play a pivotal role in maintaining the security posture of the
organization by ensuring that all systems meet or exceed security
requirements and compliance standards.
This position is ideal for a highly skilled ISSO professional with
a strong background in security engineering, compliance, and risk
management, ready to contribute to national security efforts
through secure system design and monitoring.
Job Duties
Security Design & Integration
- Define and integrate information security requirements into
hardware, operating systems, and software applications to meet
cybersecurity objectives and compliance standards.
- Develop and implement security designs that ensure systems and
components align with cyber security requirements, including
Security Controls Traceability Matrix (SCTM) compliance.
- Assist system architects and developers in identifying and
implementing appropriate security functionalities to ensure
consistent application of security policies.
- Support security authorization activities, ensuring alignment
with the NIST Risk Management Framework (RMF) and compliance with
FISMA, NIST SP 800-53, and related regulations.
- Validate control implementations to ensure they enforce
required data access and network flow restrictions as part of a
continuous monitoring strategy.
Vulnerability Assessment & Risk Analysis
- Conduct risk analysis using tools like ACAS, CVEs, and plugins
to identify security vulnerabilities and assess their impact on the
system.
- Provide risk analysis and remediation guidance to system
administrators, collaborating to mitigate vulnerabilities.
- Develop and manage Plans of Action & Milestones (PO&AMs)
for identified vulnerabilities, tracking progress and remediation
efforts.
- Guide the remediation of vulnerabilities and malware, offering
technical recommendations to prevent future incidents.
Security Testing & Monitoring
- Implement, validate, and enforce Security Technical
Implementation Guide (STIG) requirements for system security and
compliance.
- Develop, customize, and configure security monitoring tools
such as Splunk to provide enhanced visibility into security events
and activities.
- Develop and execute Security Test Procedures (STP) to verify
compliance with required security configurations and ensure systems
are meeting security standards.
- Conduct self-assessments and support A&A testing to
validate the security designs and configurations of existing or new
systems.
- Execute continuous monitoring efforts, responding to security
data calls, scan requests, and weekly/monthly reporting
requirements.
Reporting & Documentation
- Provide detailed and timely reports on system security status,
vulnerabilities, and compliance activities to senior management and
government stakeholders.
- Prepare and maintain documentation for security processes,
assessments, configurations, and policies, ensuring all security
measures are properly documented and tracked.
- Participate in the preparation of reports for compliance with
government security and regulatory frameworks (e.g., NIST, FISMA,
DoD policies).
- Assist in preparing and delivering security documentation for
security audits, assessments, and certifications.
Collaboration & Stakeholder Engagement
- Work with system administrators, engineers, and developers to
ensure security controls are applied consistently across all stages
of system development and operations.
- Participate in Agile planning events, providing input on
security requirements and ensuring security is integrated into
development workflows.
- Collaborate with government authorities, such as USCYBERCOM and
IC-SCC, to address security concerns and ensure compliance with
federal security mandates.
- Engage with external agencies for support and validation during
the certification and accreditation process.
Incident Response & Security Remediation
- Provide guidance and support for incident handling, ensuring
that security events are promptly identified, analyzed, and
mitigated.
- Assist in the investigation and resolution of security
incidents, coordinating with incident response teams and providing
expert analysis to prevent future occurrences.
- Ensure that incident response procedures align with federal and
organizational security policies, maintaining appropriate
documentation of events and actions taken.
Agile Development & Secure System Lifecycle
- Participate in Agile development sprints to ensure security
requirements are incorporated into the development process from the
outset.
- Integrate security features into commercial off-the-shelf
(COTS) and government off-the-shelf (GOTS) systems throughout their
lifecycle.
- Advise on secure system integration, cross-domain solutions,
and secure coding practices to minimize risk during system design
and development.
QUALIFICATIONS
Citizenship & Residence:
- Applicants must be U.S. citizens.
Minimum Years of Experience Required:
- 4 years: Job-related experience including Information Systems
Security Officer (ISSO), NIST, FISMA and other regulatory
requirements.
- 8 Years: Relevant Information Assurance and Information
Security.
Security and Compliance Frameworks
- FISMA compliance
- NIST RMF, NIST SP 800-37, NIST SP 800-53, NIST SP
800-53A
- CNSSI No. 1243 (Certification & Accreditation)
- DoD Security Technical Implementation Guides (STIGs)
- Security Content Automation Protocol (SCAP)
- NIST Cybersecurity Framework (CSF)
- Risk Management and Vulnerability Assessment
Risk analysis and assessment (ACAS, CVEs, CWEs, and plugins)
- Plans of Action & Milestones (PO&AM) management
- Vulnerability remediation and malware guidance
- Security Control Assessment (SCA) and evaluation
- Incident handling, response, and remediation
- FISMA and NIST certification requirements experience
Tools and Technologies
- Splunk configuration and dashboard creation
- Experience with Xacta and CSAM tools
- Experience with AWS security configurations
- Familiarity with ACAS, Nessus, OpenVAS, and similar
vulnerability scanning tools
- Security Information and Event Management (SIEM) tools
System Security Design and Architecture
- Security architecture design and integration
- Security testing and validation (Security Test Procedures, STIG
validation)
- System integration and cross-domain solutions
- Authentication, authorization, and cryptographic
techniques
- Configuration management and change control
Communication and Reporting
- Advanced verbal and written communication skills
- Preparation of security reports and technical
documentation
- Experience presenting findings to government agencies (e.g.,
USCYBERCOM, IC-SCC)
- Policy development and security training for federal or DoD
programs
Agile and Development Integration
- Agile development lifecycle participation
- Integration of security into DevSecOps environments
- Secure coding and software development best practices
Desired Additional Experience:
- Experience in Security Control Assessments (NIST SP 800-37, SP
800-53A).
- Familiarity with CSAM tool for risk management and
compliance.
- Experience with Amazon Web Services (AWS), Xacta, and FISCAM
compliance.
Education
Bachelors degree in Computer Science, Information Security,
Information Technology, or a related field from an accredited
university.
-OR-
Masters degree in a relevant field; this may reduce the minimum
number of years experience by 2 years.
-OR-
Waiver: A Bachelor's degree may be waived with four (4) additional
years ISSO experience.
Certification(s)
Required:
- Security+, CISSP, CISA, or equivalent certification (DOD 8570
IAM 2 level or higher).
#J-18808-Ljbffr
Keywords: Soundway Records, Silver Spring , Information Assurance/Security Engineer, L4, Engineering , Herndon, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...