Information Assurance Engineer

Job Description

Job Description

Salary :

This is an Information Assurance Engineer position for supporting a DoD program located in Quantico, Virginia.

Overview :

We are seeking an Information Assurance Engineer to join our team of committed technical professionals to protect those who serve against criminal, terrorism and emerging threats.

Are you passionate about analytics and innovation? Our employees enjoy a fast-paced, collaborative culture and the ability to directly impact our business.

DoD TS / SCI clearance is required to start.

You will work with a high-achieving team to design and deliver high-quality technical solutions. You will be responsible for maintaining functional and technical knowledge of mission systems for the organization, with a focus on leveraging technology to support business needs.

You will identify technical issues and opportunities for efficiency and provide technical insights through system design and configuration perspectives.

This role is both challenging and rewarding.

How you will make a difference :

• Supports all authorization package ACAS related tasks assigned to ISSEs and NQVs. The goal is to provide the required artifacts IAW the Navy Testing Guidance and Risk Management Framework (RMF) Process Guide required for the submission of an RMF Authorization package.
• Performs 90 Day Baseline Scans for each Authorization package in accordance with Navy requirements; provide Detailed Vulnerability List (DVL) Reports for use in the eMASS record;

provide ACAS Summary Reports in accordance with the Navy Testing Guidance.

• Conducts weekly and As Needed ACAS scans in support of RMF STEP 3 / STEP 4 processes, vulnerability assessments and queries specifically targeting authorization package assets;
• support continuous monitoring for authorized packages and report vulnerability status of all active Enterprise Security packages;

create asset lists using provided hardware lists.

• Performs risk analyses of computer systems and applications during all phases of the system development life cycle using the Assured Compliance Assessment Solution (ACAS) tool.
• Initiates Enterprise Mission Assurance Support Service (eMASS) registrations, prepares, processes, updates and monitors RMF Assessment and Authorization (A&A) packages;

ensures A&A packages are evaluated and maintained in a compliant status; implements and validates A&A packages to ensure security controls and vulnerabilities meet DON RMF authorization compliance requirements.

• Performs all RMF STEPS and processes required to obtain Authorization to Operate (ATO) for multiple classified and unclassified systems.
• Designs, develops, engineers, and implements cybersecurity solutions that meet DON security requirements.
• Responsible for ensuring the integration and implementation of computer system security meets Navy compliance requirements.
• Identifies test requirements and tools based upon system architectures.
• Develops, reviews and implements security test plans and procedures.
• Establishes and satisfies system-wide information security requirements based on analysis of user, policy, regulatory, and resource demands.
• Supports the Government Cyber Security Managers in the development and implementation of cyber security doctrine and policies.
• Manages and maintains A&A packages using eMASS and XACTA tools.
• Reviews and assess system engineering documentation, (CONOPS, Contingency Plans, and installation and configuration specifications) to ensure security compliance and to identify security risks.
• Prepares briefing slides, status charts and support documentation for presentation to the client.
• Reviews and assess system diagrams for accuracy, consistency and traceability to hardware, ports, protocols, and services (PPS) and authorization boundaries.

Qualifications :

• 7+ years of experience in the systems security discipline with specific emphasis on Navy Cybersecurity practices.
• Must meet or exceed OPNAVINST 5239 requirements to be certified as a Navy Qualified Validator or must be certified within six months of start date.
• Experience in the development of RMF Assessment and Authorization (A&A) Security Plans (SP), System Level Continuous Monitoring (SLCM), Ports, Protocols and Services Management (PPSM), Host Based Security Systems (HBSS), Assured Compliance Assessment Solution (ACAS) vulnerability scanning.
• Experience with Enterprise Mission Assurance Support Service (eMASS) tools.
• Experience preparing, processing, assessing, validating, and maintaining RMF A&A packages using eMASS and XACTA tools.
• Must have experience with using public key-based technologies for applications.
• Security+ certification or equivalent.
• TS / SCI clearance level at start.

About Inventium.io :

Inventium.io LLC is a technical consulting and software development services company dedicated to protecting and advancing our national defense and scientific capabilities.

Based out of the Washington DC area, we rely on innovation to continually advance our employees' skills and provide digital transformation solutions to our customers.

With proven records of successfully delivering quality services and solutions to multiple federal agencies, our technical competencies include Emerging Technology Solutions, DevSecOps, Cloud Migration, Machine Learning, System Modernization, and Technology Management.

Benefits and Perks

• Employer paid Health Benefits (Medical, Dental and Vision)
• Retirement Plan
• Paid Time Off and Federal Holidays
• Training and Development
• Awards and Recognition
• Employee Referral Program

Inventium.io is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.