Information Assurance/Security Engineer IV
Onsite | Herndon, VA | 5 days a week
Active TS/SCI w/ CI Poly Clearance Required
Summary
Our client provides reliable, effective, and innovative technology solutions that advance federal, state, local, and nonprofit missions. Their technologists and consultants are passionate about solving complex challenges that impact millions of lives. Our client also takes a Mindful Modernization approach in delivering its application modernization, grants management systems, government data analytics, and advisory services. Mindful Modernization is our client's way of delivering mission impact by aligning its government customers’ strategic objectives to measurable outcomes through people, processes, and technology.
Responsibilities
The Information Assurance/Security Engineer, Level 4 (ISSO), plays a vital role in supporting the security and compliance of information systems within an Intelligence Community (IC) environment. This position involves the design, implementation, and continuous monitoring of security controls to ensure the integrity, confidentiality, and availability of mission-critical systems and data. As an ISSO, you will be responsible for defining security requirements, conducting vulnerability assessments, implementing Security Technical Implementation Guides (STIGs), and supporting security authorization processes in alignment with NIST Risk Management Framework (RMF), FISMA, and other industry standards.
In this role, you will engage in a range of activities to safeguard systems, including configuring security tools such as Splunk, developing Security Test Procedures (STPs), conducting risk analysis, and providing security oversight in Agile development settings. Your work will also include collaborating with system administrators and architects to identify and resolve vulnerabilities, ensuring compliance with regulatory requirements, and supporting reporting to key IC and DoD authorities. You will play a pivotal role in maintaining the security posture of the organization by ensuring that all systems meet or exceed security requirements and compliance standards.
This position is ideal for a highly skilled ISSO professional with a strong background in security engineering, compliance, and risk management, ready to contribute to national security efforts through secure system design and monitoring.
Security Design & Integration
- Define and integrate information security requirements into hardware, operating systems, and software applications to meet cybersecurity objectives and compliance standards
- Develop and implement security designs that ensure systems and components align with cyber security requirements, including Security Controls Traceability Matrix (SCTM) compliance
- Assist system architects and developers in identifying and implementing appropriate security functionalities to ensure consistent application of security policies
- Support security authorization activities, ensuring alignment with the NIST Risk Management Framework (RMF) and compliance with FISMA, NIST SP 800-53, and related regulations
- Validate control implementations to ensure they enforce required data access and network flow restrictions as part of a continuous monitoring strategy
Vulnerability Assessment & Risk Analysis
- Conduct risk analysis using tools like ACAS, CVEs, and plugins to identify security vulnerabilities and assess their impact on the system
- Provide risk analysis and remediation guidance to system administrators, collaborating to mitigate vulnerabilities
- Develop and manage Plans of Action & Milestones (PO&AMs) for identified vulnerabilities, tracking progress and remediation efforts
- Guide the remediation of vulnerabilities and malware, offering technical recommendations to prevent future incidents
Security Testing & Monitoring
- Implement, validate, and enforce Security Technical Implementation Guide (STIG) requirements for system security and compliance
- Develop, customize, and configure security monitoring tools such as Splunk to provide enhanced visibility into security events and activities
- Develop and execute Security Test Procedures (STP) to verify compliance with required security configurations and ensure systems are meeting security standards
- Conduct self-assessments and support A&A testing to validate the security designs and configurations of existing or new systems
- Execute continuous monitoring efforts, responding to security data calls, scan requests, and weekly/monthly reporting requirements
Reporting & Documentation
- Provide detailed and timely reports on system security status, vulnerabilities, and compliance activities to senior management and government stakeholders
- Prepare and maintain documentation for security processes, assessments, configurations, and policies, ensuring all security measures are properly documented and tracked
- Participate in the preparation of reports for compliance with government security and regulatory frameworks (e.g., NIST, FISMA, DoD policies)
- Assist in preparing and delivering security documentation for security audits, assessments, and certifications
Collaboration & Stakeholder Engagement
- Work with system administrators, engineers, and developers to ensure security controls are applied consistently across all stages of system development and operations
- Participate in Agile planning events, providing input on security requirements and ensuring security is integrated into development workflows
- Collaborate with government authorities, such as USCYBERCOM and IC-SCC, to address security concerns and ensure compliance with federal security mandates
- Engage with external agencies for support and validation during the certification and accreditation process
Incident Response & Security Remediation
- Provide guidance and support for incident handling, ensuring that security events are promptly identified, analyzed, and mitigated
- Assist in the investigation and resolution of security incidents, coordinating with incident response teams and providing expert analysis to prevent future occurrences
- Ensure that incident response procedures align with federal and organizational security policies, maintaining appropriate documentation of events and actions taken
Agile Development & Secure System Lifecycle
- Participate in Agile development sprints to ensure security requirements are incorporated into the development process from the outset
- Integrate security features into commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) systems throughout their lifecycle
- Advise on secure system integration, cross-domain solutions, and secure coding practices to minimize risk during system design and development
Requirements
- 4+ years of job-related experience including Information Systems Security Officer (ISSO), NIST, FISMA and other regulatory requirements
- 8+ years of relevant Information Assurance and Information Security experience
- Experience within the following is required:
  - Security and Compliance Frameworks
    - FISMA compliance
    - NIST RMF, NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A
    - CNSSI No. 1243 (Certification & Accreditation)
    - DoD Security Technical Implementation Guides (STIGs)
    - Security Content Automation Protocol (SCAP)
    - NIST Cybersecurity Framework (CSF)
  - Risk Management and Vulnerability Assessment
    - Risk analysis and assessment (ACAS, CVEs, CWEs, and plugins)
    - Plans of Action & Milestones (PO&AM) management
    - Vulnerability remediation and malware guidance
    - Security Control Assessment (SCA) and evaluation
    - Incident handling, response, and remediation
    - FISMA and NIST certification requirements experience
  - Tools and Technologies
    - Splunk configuration and dashboard creation
    - Experience with Xacta and CSAM tools
    - Experience with AWS security configurations
    - Familiarity with ACAS, Nessus, OpenVAS, and similar vulnerability scanning tools
    - Security Information and Event Management (SIEM) tools
  - System Security Design and Architecture
    - Security architecture design and integration
    - Security testing and validation (Security Test Procedures, STIG validation)
    - System integration and cross-domain solutions
    - Authentication, authorization, and cryptographic techniques
    - Configuration management and change control
  - Communication and Reporting
    - Advanced verbal and written communication skills
    - Preparation of security reports and technical documentation
    - Experience presenting findings to government agencies (e.g., USCYBERCOM, IC-SCC)
    - Policy development and security training for federal or DoD programs
  - Agile and Development Integration
    - Agile development lifecycle participation
    - Integration of security into DevSecOps environments
    - Secure coding and software development best practices
Preferred Requirements
- Experience in Security Control Assessments (NIST SP 800-37, SP 800-53A)
- Familiarity with CSAM tool for risk management and compliance
- Experience with Amazon Web Services (AWS), Xacta, and FISCAM compliance
Education/Certification Requirements
- A Bachelor’s degree in Computer Science, Information Security, Information Technology, or a related field from an accredited university is required. A Master’s degree in a relevant field may reduce the minimum number of years of experience by 2 years
- A Bachelor’s degree may be waived with four (4) additional years of ISSO experience
- A Security+, CISSP, CISA, or equivalent certification (DOD 8570 IAM 2 level or higher) is required
Clearance Requirements
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; an active TS/SCI clearance with a CI Poly is required.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
--------------
About Us
Northern Virginia-based Precision Solutions is an expert in staffing solutions for companies of any size that open the door to new opportunities and seek outstanding talent. We pride ourselves on being versatile enough to tailor our relationships to the needs of each individual client, being agile in the fast-paced marketplace, and being precise in meeting the needs of any company.
Equal Opportunity Employer Statement
Precision Solutions is an equal opportunity employer. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.