13 Mar
Information Assurance Engineer III A2
Vacancy expired!
- Work with system owners to close IAVMs/ICVMs and open Plan of Action and Milestones (POA&Ms) in a rapid fashion, in accordance with DoD instructions/directives. Review all POA&MS with the Program Manager on at least a quarterly basis and update the POA&Ms accordingly.
- Provide Defense in Depth principles and technology in security engineering designs and implementation
- Analyze existing and future systems, reviewing security architectures, and developing engineering solutions that integrate information security requirements to proactively manage information protection
- Apply security risk assessment methodology to system development, including assessing and auditing network penetration testing, antivirus deployment, risk analysis
- Conduct Computer Incident Response Team (CIRT) activities, including forensic analysis
- Provide communications security (COMSEC) rekeying support within normal business hours or on-call, as required. Prepare and maintain secure communications devices and crypto keys. Provide Certification and Accreditation, as well as provide Automated Information System Accreditation support
- Provide Security Risk Assessment. Perform risk analysis of resources, controls, vulnerabilities, impact of losing systems' capabilities and threats to the mission objective; provide analysis to facilitate decisions to implement security countermeasures or mitigate risk; implement countermeasures; periodically review program. Recognize possible threats and review evaluations for compliance and non-compliance.
- Bachelor's Degree in Computer Science, Cybersecurity, Computer Engineering, or related discipline. Comparable experience in lieu of degree may be considered.
- 5+ years of experience performing Information Assurance functions and using RMF IT security controls and policies
- Must possess and maintain an IT I level certification IAW AR 25-2 and an IAT II certifications IAW DoD 8570.01-M
- A track record of progressively responsible information assurance experience in one or more of the following information security areas: certification and accreditation, IA system evaluations, system security penetration testing, and IA security operations/network monitoring, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information Management/Security Event Management, network mapping, vulnerability scanners, firewalls, routers and other security tools
- Candidate must have at least 3 years of experience in the IT industry, and be familiar with the applicable NIST Special Publications 800-37 Revision 1, 800-53 Revision 3 or 4, and 800-53A Revision 1.
- Experience and basic knowledge of networking components and various operating systems in a cloud environment, including UNIX and Microsoft is a plus.
- Expertise in other Security Frameworks (ISO, NIST, COBIT, HIPAA/HITECH, etc.) and regulatory requirements is a plus
- Working knowledge of public key infrastructure and encryption systems
- Experience working on an information security incident response team
- Familiarity with Security Technical Implementation Guides (STIG) and system security processes.
- Experience working in CMMI Level 3 (or higher) environments is a plus
Vacancy expired!