Cyber Information Assurance Specialist, Senior

Key Role:

Conduct technical security compliance reviews of large and complex organizational network infrastructure, applications, and platforms and identify potential security issues in accordance with NIST SP 800 series and DoD Security Technical Implementation Guides (STIGs) using both manual and automated assessment methods. Use vulnerability scanning tools and translate those results into report findings. Analyze system configuration settings against industry best practices and client-approved baselines to identify potential security issues, review and evaluate security findings, and make recommendations for remediation. Contribute to presentations, participate in debriefs to represent security interests, interpret FISMA requirements, and propose actionable solutions necessary to assist the client with meeting those requirements. Comprehend and apply experience with federal agency FISMA compliance requirements, NIST, emerging Cybersecurity trends, challenges and solutions to the modernization of legacy systems, and industry best practices. Apply knowledge to security implementation of information systems against NIST 800-53 and 53A security controls, test system technical security configuration settings, review Nessus scan results for compliance with industry standards, support secure code reviews, and architect and design security applications, as necessary.

Basic Qualifications:

-8+ years of experience in an information security role

-5+ years of experience with supporting federal FISMA requirements

-Experience with executing NIST 800-37, NIST 800-39, and NIST 800-53

-Experience with network security, vulnerability management, Assessment and Authorization (A&A), and incident response

-Experience with network, server, and application scanning tools, including Tenable Nessus, and NGS Squirrel

-Experience with static code analysis tools, including Fortify and IBM AppScan

-Ability to analyze information system configurations and technical specifications against security control standards and identify deficiencies and remediation strategies

-Ability to obtain a security clearance

-High School diploma or GED

-8500-Compliant Certification

Additional Qualifications:

-Experience with Microsoft Office, SharePoint, or Project Server

-Knowledge of emerging security policy, governance, and continuous monitoring technologies

-Knowledge of security for the following platforms: Windows, Oracle, SQL Server, Cisco IOS, firewalls, and encryption technologies, including VPN, TLS, and SSL

-Knowledge of FIPS 199 and FISCAM

-Ability to support the translation of vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls

-Ability to multi–task, set and follow priorities, and deliver timely products

-Ability to speak in front of technical and non–technical audience members

-Possession of excellent oral and written communication skills, including technical writing preferred

-BA or BS degree in a STEM field preferred

-CISSP Certification preferred

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.

Not ready to apply? Join our talent community and sign up for job alerts.