Senior IT Information Assurance/Security Engineer

Onsite | Herndon, VA | 5 Days a Week

Active TS/SCI, CI Poly Clearance Required

Summary
Our client provides reliable, effective, and innovative technology solutions that advance federal, state, local, and nonprofit missions. Their technologists and consultants are passionate about solving complex challenges that impact millions of lives. Also, our client takes a Mindful Modernization approach in delivering our application modernization, grants management systems, government data analytics, and advisory services. Mindful Modernization is our client's way of delivering mission impact by aligning our government customers’ strategic objectives to measurable outcomes through people, processes, and technology.

Responsibilities

Our client is seeking an Expert IT Information Assurance/Security Engineer to lead and enhance their large enterprise cloud-based systems and applications. In this pivotal role, you will ensure compliance with ISSO roles and responsibilities as defined by agency directives, while performing critical tasks in support of various information assurance programs. Your expertise will be instrumental in security authorization activities, following Risk Management Framework (RMF) policies, and developing essential documentation including System Security Plans (SSPs), Risk Assessment Reports, and Security Controls Traceability Matrices (SCTM). You will also be responsible for crafting Security Test Procedures (STP), conducting self-assessments, and validating security designs to maintain a robust operational security posture.

As a key member of the team, you will analyze system audit logs to detect anomalous activities and potential threats, as well as perform vulnerability assessments to identify and mitigate risks within security systems. Your comprehensive understanding of cybersecurity policies and techniques will help ensure the integrity of information systems, particularly those processing classified information. Collaborating closely with government customers, you will support continuous monitoring (ConMon) activities, manage computer security incidents, and ensure compliance with regulatory standards. Additionally, you will maintain thorough documentation within government record-keeping systems like Xacta, provide configuration management for security-relevant components, and conduct risk analysis for significant changes to applications and systems.

• Ensure compliance with ISSO roles and agency directives
• Develop and maintain System Security Plans (SSPs)
• Conduct security authorization activities in compliance with RMF
• Create and implement Security Test Procedures (STP)
• Perform self-assessments to validate security designs
• Maintain operational security posture for information systems
• Conduct STIG reviews and self-risk assessments
• Analyze system audit logs for anomalous activities
• Perform vulnerability scans and remediation
• Ensure effectiveness of cybersecurity-enabled products and controls
• Identify security gaps and recommend improvements
• Collaborate with government customers on ConMon activities
• Manage computer security incidents and vulnerability compliance
• Input and maintain documentation in Xacta
• Provide configuration management for security-relevant software, hardware, and firmware
• Conduct risk analysis for significant application/system changes
• Provide input for Risk Management Framework process activities
• Stay informed about cybersecurity trends and regulatory changes
• Engage in training and mentorship of junior staff
• Develop policies and guidelines for information security
• Conduct periodic security reviews and audits
• Collaborate with cross-functional teams to enhance security protocols
• Participate in incident response planning and execution
• Review and analyze threat intelligence data
• Advocate for security best practices across the organization

Requirements

• 8+ years of relevant job experience
• 10+ years of overall IT experience 
• FISMA and NIST compliance expertise
• Security Control Assessment (NIST SP 800-37, 800-53)
• Risk analysis and assessment methodologies
• Proficiency in Splunk
• Experience with Amazon Web Services (AWS)
• Familiarity with Xacta for documentation
• Strong written and verbal communication skills
• Experience in policy development for Federal/DoD Information Security
• Ability to analyze complex security data
• Familiarity with cybersecurity incident response procedures
• Knowledge of STIGs and vulnerability management
• Understanding of Continuous Monitoring (ConMon) practices
• Experience in identifying and mitigating security risks
• Strong organizational skills and attention to detail
• Ability to lead security reviews and audits
• Familiarity with risk management processes
• Ability to train and mentor junior staff
• Strong analytical skills for threat detection
• Knowledge of cybersecurity technologies and tools
• Understanding of OMB Information Security directives
• Experience developing and implementing security policies
• Understanding of FISCAM compliance

Education/Certification Requirements

• A Bachelor’s degree in computer science, software engineering, or other equally relevant field is required
• Active Security+
• CISSP
• CISA or equivalent (DoD 8570 IAM 2)

Clearance Requirements

• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; an active TS/SCI clearance with a CI poly that has been obtained in the past six years is required.