Intermediate Information Assurance Assessor/Engineer

Location: Rosslyn, VA
Date Posted: 11-14-2018
MUST HAVE ACTIVE TOP SECRET CLEARANCE TO BE CONSIDERED**

Position Overview:
  • As an Intermediate Information Assurance Assessor/Engineer, you will conduct FISMA-driven security assessments on Federal systems. At a minimum, you must have two-plus (2+) years of experience conducting security control assessments, a sound working knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, and the Risk Management Framework (RMF) process outlined in the NIST SP 800-37. You will document all assessment and test results, be able to convey these findings to technical and non-technical audiences, and analyze the results of vulnerability scans and/or penetration testing. Prepare Authorization and Accreditation (A&A) briefings for the Authorizing Official, to include security evaluation findings and residual risks.
Essential Duties and Responsibilities:
  • Conducting comprehensive reviews of security authorization documents to ensure the appropriate NIST security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to the confidentiality, integrity, and availability of the systems and generates compliance status reports;
  • Performing independent system security assessments, risk assessments, and system audits with minimal guidance;
  • Ensuring required security authorization activities are completed and the results are documented in the XACTA tool for maintaining FISMA Compliance;
  • Evaluating new IT systems involving software, hardware, configuration, and proposed changes to ensure IT security posture is in compliance with existing information security policies and regulations;
  • Collecting evidence to support implementation of system baseline security controls and performs analysis on evidence to ensure compliance with the systems security plan and risk management framework;
  • Coordinating resolution of system deficiencies and POA&M findings with other Department offices, as required;
  • Preparing plan of action and milestones (POA&M) reports to record system deficiencies and findings for all applications;
  • Reviewing and validating system configurations (hardware/software) to ensure it complies with appropriate department policies and configuration standards.
Job Qualifications:
  • MUST HAVE CURRENT TOP SECRET;
  • Certified Authorization Professional (CAP), Federal IT Security Professional - Auditor (FITSP-A) or equivalent certification;
  • A Bachelor's degree in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines is preferred, but not required;
  • Minimum of 2+ years of security control assessments following the RMF and using NIST SP 800-53 security controls for those assessments and system security/FISMA compliance-based experience;
  • Possess strong written and verbal communication skills in order to speak at group events, and to interface with customers and system stakeholders including presentations to senior executives;
  • Ability to interpret the results of vulnerability scans and penetration tests as well as reviewing compliance manually;
  • Demonstrated ability to conduct a system security assessment with minimal guidance;
  • Familiarity with writing/reviewing A&A Package deliverables to include, but not limited to Security Assessment Plans (SAP), Security Assessment Reports (SAR), System Security Plan (SSP), Information System Contingency Plan (ISCP) SCF).
Preferred Skills:
  • Familiarity with reviewing/applying STIGS/hardening/best practice guides to information systems;
  • Experience with XACTA;
  • Familiarity with interpreting complex systems/network architecture diagrams.
This is an excellent opportunity for an experienced and motivated IT Professional seeking personal challenges and professional rewards. NIS is a fast-growing, award-winning provider of IT solutions and services, and provides software engineering and development solutions using a variety of development tools, including host-based, web-based, and client-server applications. We offer a unique, stimulating, challenging, and fun environment that fosters individual growth and rewards performance.
Our competitive benefits package includes medical and dental coverage, 401k plan with employer contribution, paid holiday, vacation and sick leave, metro-check program, and tuition reimbursement. If you enjoy working with bright, highly motivated people that are dedicated to excellence, please apply today!

Nationwide IT Services, Inc. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

 
Talent Acquisition
Nationwide IT Services, Inc. (NIS)
this job portal is powered by CATS