***This job requires active TS/SCI clearance. Please apply only if you have an active TS/SCI clearance. ***
North Point Technology is looking for a TS/SCI Cleared Information Assurance Engineer to support a critical mission out of Springfield, VA.
The Information Assurance (IA) Engineer will provide information security services. As a member of the program’s IA staff and under the direction of the IA Lead the individual will support activities to actively manage, track, execute, coordinate and report all tasks pertaining to the Assessment and Authorization (A&A) to include the generation, delivery, and maintenance of the system security bodies of evidence as defined in the NGA Risk Management Framework (RMF).
Engineer must be able to perform ACAS and HP Fortify scans, implementation of DISA STIG's, and create Body of Evidence (BOE) documentation. The candidate will also be expected to assist in system hardening, security testing and tracking POAM items until corrective actions are in place. These requirements will also require a candidate who is hands on in the day to day security tasking, creating STP's, network drawings and working with SME's to ensure the system or applications are as secure as possible based on ICD 503 requirements.
Basic qualifications include:
- Experience with Risk Management Framework (RMF) implementation across multiple phases of a large program.
- Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 years of professional experience; or 3 years of professional experience with a related Master’s degree.
- Experienced with generating and maintaining ICD 503 Security Body of Evidence (to include): System Security Plan (SSP), all required appendices, attachments, system test procedures (STP), security control traceability matrices (SCTM), security assessment results, and Plan of Action and Milestones (POA&Ms).
- Current DoD 8570 IAT Level II Certification (CISSP Certified) Active CISSP certification (or can acquire within 6 months of joining the program)
- Version 1
- Familiarity / Knowledge of Commercial Cloud Services (C2S), OS Security (Windows Server through 2012, Red Hat Linux), Firewalls, ArcSight (audit collection and review), Tripwire, Host Based System Security, Networking (Active Directory Auditing), and Network Intrusion Detection.
- Ability to use ACAS to perform vulnerability scans.
- Ability to perform / analyze STIG compliance scans, executed with ACAS STIG scans.
- Knowledgeable of NGA’s Assessment and Authorization (A&A) process and requirements
- Familiarity / Knowledge of NIST 800-53, source for IA security controls.
- Excellent verbal and written communication skills.
- Follow open source InfoSec news sources to be alerted of vulnerabilities in software and applications used by the program to proactively push product owners to upgrade versions of applications prior to discovery by ACAS.
North Point Technology is THE BEST place to work for curious-minded engineers motivated to support our country’s most crucial missions! We focus on long term projects, leveraging the latest technology in support of innovative solutions to solve our customer’s most difficult problems. At North Point Technology, EMPLOYEES come first! We value our employees by providing excellent compensation, benefits, and a flexible work-life balance. We strive for a close-knit and open atmosphere where the owners are always directly available to our team members. Come join us! Apply with North Point Technology today!