Position Title: Information Assurance Systems Engineer - Fully Qualified, Level Navy Validator
Work Status: Full-Time, on-site
Location: Coronado, CA
Clearance: Secret
Requisition Number: IASE-001-CU-SD
Summary:
The Information Assurance Systems Engineer (IASE) will provide RMF Package Development for all Stand-a-lone Networks, Stand-a-lone computers and related systems. The IASE will be responsible for the preparation of ISs packages under strict adherence to RMF standardized processes and templates, and to submit completed packages for certification and accreditation; monitoring and verification of RMF compliance of existing IS systems in accordance with DISA-approved Information Assurance controls; and Contingency Plan maintenance.
The candidate will complete all required validator tasks for one or more Security Authorization Packages through the SCA and have in-depth familiarity and understanding of Navy IT sites, systems and infrastructure. The IASE shall possess a thorough understanding of Navys AandA process. The IASE will conduct RMF Plan Compliance Verification and provide mandated RMF Plan Contingency Plan review and monitoring of systems.
Responsibilities:
Conduct security assessments of system security plans to help ensure that plans provide security controls for information systems that meet stated security requirements.
Conduct comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
Ensure compliance of security configurations for IT systems and aid in providing clear and concise processes and procedures for the implementation and enforcement of system security configurations.
Support the risk management process by helping to determine and assign risk impact ratings in accordance with Information Assurance standards guidelines and methodologies and by aiding in the development and maintenance of Plans of Action and Milestones (POAandMs) for IT systems identified in the Risk Management Framework (RMF) process and annual security assessments of IT systems.
Provide assessments of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities and prepare the security assessment reports containing the results and findings from system security assessments.
Demonstrated knowledge and experience of IA / INFOSEC concepts and requirements: Firewall Policy, Ports and Protocols, Cybersecurity, Cybersafe.
Knowledge of the DOD AandA process and standards: DIACAP, RMF.
System/network vulnerability analysis.
Risk assessment and risk mitigation analysis.
Security Test and Evaluation (STandE).
Knowledge and experience of the Defense Information Systems Agency published Security Technical Information Guidance (STIG) requirements and implementation/compliance process.
Knowledge of virtualization, networking, Windows and Linux Operating Systems, and storage and backup.
Possess strong oral and technical writing skills.
Possess extensive knowledge of the US Government Information Assurance Security Processes.
Knowledge of Information Assurance policies and procedures, and processes are also desired.
Practical experience in Cybersecurity, Engineering, TandE or AandA.
Requirements:
Bachelor's degree or AA/AS in Information Assurance or InfoSec field
S:WWSKMED GPSMALLB