IT Information Assurance/Security Engineer, Senior
Soundway Records - Herndon, VA
Job Description
Read on to find out what you will need to succeed in this position, including skills, qualifications, and experience.

JOB TITLE
IT Information Assurance/Security Engineer, Senior

CLEARANCE
TS/SCI w/CI Poly

WORK LOCATION
On client site. Herndon, VA

REMOTE WORK
Remote work is not authorized.

TRAVEL
None

JOB DESCRIPTION
We are seeking an Expert IT Information Assurance/Security Engineer to lead and enhance our large enterprise cloud-based systems and applications. In this pivotal role, you will ensure compliance with ISSO roles and responsibilities as defined by agency directives, while performing critical tasks in support of various information assurance programs. Your expertise will be instrumental in security authorization activities, following Risk Management Framework (RMF) policies, and developing essential documentation including System Security Plans (SSPs), Risk Assessment Reports, and Security Controls Traceability Matrices (SCTM). You will also be responsible for crafting Security Test Procedures (STP), conducting self-assessments, and validating security designs to maintain a robust operational security posture.

As a key member of the team, you will analyze system audit logs to detect anomalous activities and potential threats, as well as perform vulnerability assessments to identify and mitigate risks within security systems. Your comprehensive understanding of cybersecurity policies and techniques will help ensure the integrity of information systems, particularly those processing classified information. Collaborating closely with government customers, you will support continuous monitoring (ConMon) activities, manage computer security incidents, and ensure compliance with regulatory standards.
Additionally, you will maintain thorough documentation within government record-keeping systems like Xacta, provide configuration management for security-relevant components, and conduct risk analysis for significant changes to applications and systems.

Job Duties
Ensure compliance with ISSO roles and agency directives.
Develop and maintain System Security Plans (SSPs).
Conduct security authorization activities in compliance with RMF.
Create and implement Security Test Procedures (STP).
Perform self-assessments to validate security designs.
Maintain operational security posture for information systems.
Conduct STIG reviews and self-risk assessments.
Analyze system audit logs for anomalous activities.
Perform vulnerability scans and remediation.
Ensure effectiveness of cybersecurity-enabled products and controls.
Identify security gaps and recommend improvements.
Collaborate with government customers on ConMon activities.
Manage computer security incidents and vulnerability compliance.
Input and maintain documentation in Xacta.
Provide configuration management for security-relevant software, hardware, and firmware.
Conduct risk analysis for significant application/system changes.
Provide input for Risk Management Framework process activities.
Stay informed about cybersecurity trends and regulatory changes.
Engage in training and mentorship of junior staff.
Develop policies and guidelines for information security.
Conduct periodic security reviews and audits.
Collaborate with cross-functional teams to enhance security protocols.
Participate in incident response planning and execution.
Review and analyze threat intelligence data.
Advocate for security best practices across the organization.

QUALIFICATIONS

Minimum Years of Experience:
Relevant Job Experience Required: 8 years
Overall IT Experience Required: 10 years

Technical Skills and Experience:
FISMA and NIST compliance expertise
Security Control Assessment (NIST SP 800-37, 800-53)
Risk analysis and assessment methodologies
Proficiency in Splunk
Experience with Amazon Web Services (AWS)
Familiarity with Xacta for documentation
Strong written and verbal communication skills
Experience in policy development for Federal/DoD Information Security
Ability to analyze complex security data
Familiarity with cybersecurity incident response procedures
Knowledge of STIGs and vulnerability management
Understanding of Continuous Monitoring (ConMon) practices
Experience in identifying and mitigating security risks
Strong organizational skills and attention to detail
Ability to lead security reviews and audits
Familiarity with risk management processes
Ability to train and mentor junior staff
Strong analytical skills for threat detection
Knowledge of cybersecurity technologies and tools
Understanding of OMB Information Security directives
Experience developing and implementing security policies
Understanding of FISCAM compliance

Education
Bachelor's degree in computer science, software engineering or other equally relevant field.

Certification(s)
Currently Active:
Active Security+
CISSP
CISA or equivalent (DoD 8570 IAM 2)

Professional Attributes & Values
We are looking for a professional who exemplifies the following core values:
Integrity and Accountability: Demonstrates principled character, consistently upholding honesty and taking responsibility for their actions with the highest ethical standards.
Respect and Diversity: Treats others with dignity and fairness, valuing diverse perspectives to foster an inclusive and collaborative work environment.
Effective Communication: Delivers clear, accurate, and timely written and verbal communications, ensuring comprehensive understanding from the first conveyance.
Interpersonal Skills: Exhibits a courteous and approachable demeanor, fostering positive relationships and promoting teamwork.
Continuous Improvement: Proactively seeks opportunities for growth through self-assessment, professional development, and constructive feedback.

SoundWay is an Equal Opportunity Employer (EOE):
SoundWay is committed to diversity, equity, and inclusion. We provide equal employment opportunities without discrimination based on race, religion, age, gender, disability, veteran status, or any other protected characteristic.
Join SoundWay and bring your unique talents to a team that truly values and respects every individual.

ABOUT SOUNDWAY
Continued Service to Country through Contracting.

BENEFITS
SoundWay Pays 100% of the Employee's Premium for the below benefits and *SoundWay pays a portion of the additional cost to add a spouse, partner, child(ren), or family.
Medical Insurance*
Dental Insurance*
Vision Insurance*
Short-Term Disability Insurance
Long-Term Disability Insurance
Basic Life Insurance
Employee Assistance Program
Identity Theft Protection

Additional Competitive Benefits Include:
10 Paid Holidays a Year
Paid Time Off (combined vacation & sick time off)
Matching 401K Voluntary Retirement Plan
Flexible Spending Account
Professional Development Funds

PERKS
Perks for Everyone Include:
Flexible Work Schedules
Employee Referral Bonus - $2000 Minimum
Employee Recognition - Award$ & SWAG
Giving Back Sponsorship - Employee-Recommended Events, Charities, & Recipients

ABOUT US
Founded by a service-disabled Army veteran in 2011, SoundWay is dedicated to Continued Service to Our Nation Through Contracting. We fulfill this mission by empowering our clients to succeed, enabling our employees to excel, and making a positive impact in everything we do.

Since its founding, SoundWay has been a trusted provider of Information Technology, Cybersecurity, and Mission Support services. As an SBA-certified HUBZone, SDVOSB, and WOSB small business, we are proud to serve a diverse array of clients across the federal government, including Civil Agencies, the Department of Defense (DoD), and the Intelligence Community (IC).
We also support businesses with government contracts, ensuring their compliance with FAR 52.204-21, Cybersecurity Maturity Model Certification (CMMC), and NIST SP 800-171 requirements.

Cybersecurity. SoundWay is a recognized leader in Government Cybersecurity Compliance, ranked among the Top 250 Managed Security Services Providers (MSSP) for 2023. As a Cyber-AB Authorized C3PAO, we are one of fewer than 50 nationwide, offering expert guidance and certification services. Our flagship managed service, CAMO, is a groundbreaking and cost-effective solution for achieving and maintaining CMMC compliance.

Cloud & Systems Engineering. In the realm of Information Technology Professional Services, we offer a comprehensive range of IT engineering, development, testing, integration, and administration services. Our expertise spans cloud platforms like AWS and Azure, containerization tools such as Docker and Kubernetes, as well as programming languages including .Net, C languages, Java, Python, JavaScript, and BASH. We also specialize in database management with Oracle, MySQL, and MongoDB.
Created: 2024-11-05