Information Assurance Engineer (Security Compliance)

Location: Gaithersburg, MD

Job Description
* Provide information assurance/information security technology and organizational security engineering
* Support FedRAMP cloud programs
* Provide lifecycle planning, support and development of all aspects of system certification and accreditation (C&A) from initiation through authority to operate (ATO)
* Provide security engineering for system design, risk identification, and implementation of controls, processes, and documentation in accordance with guidelines, policies, strategies and requirements
* Ensure that system security requirements are managed and addressed throughout the system lifecycle, thereby ensuring system security compliance and approval for system operation
* Participate in the system change technical review process, security requirements testing development and approval, and security assessments that establish and maintain an appropriate security posture for the program

Required Skills
* Demonstrated broad background in information security across a broad range of information security skills and technologies, especially Certification and Accreditation (C&A)
* Familiarity with Information Security directives, regulations, guidance, and controls specific to US government agencies (e.g. FISMA-based C&A, NIST 800-53, etc.)
* Demonstrated familiarity with one or more of the following: Incident Response, Contingency/Disaster Recovery Planning, Configuration Management
* Demonstrated success in working on large-scale, multi-disciplined programs in a large corporate environment
* Ability to communicate security issues and concerns effectively at all levels through effective verbal, presentation, and written communication skills for technical and non-technical audiences
* Demonstrated effective customer relations and proven ability to work across organizational and functional lines
* Demonstrated ability to work well in a highly diverse, collaborative team environment

Desired Skills
* Recognized Information Security/Information Assurance certification (e.g. CISSP, CISM, GSE)
* Experience writing Information Security/Information Assurance documentation (e.g. System Security Plan) and proposal writing
* Experience managing POAMs and Risk Assessments
* Familiarity with various commercial security products, e.g. Network Vulnerability Scanners (Nessus and Foundstone), Application Security Scanners (AppScan), McAfee Suite, Cisco Firewall and IPS, CIS Benchmark
* Comfortable with hands-on lab activities, including vulnerability scanning, security requirements, and security configuration/customization
* Solid skills in either UNIX (Linux), Windows or both
* Demonstrated ability to take initiative and solve complex problems
* Ability to demonstrate creative thought leadership in security solutions appropriate for customer and program

Certifications: None required. CISSP or cloud security certificate desirable.

Clearance: None

Shift: 9:00-5:30 (exact hours negotiable)