InCadence Strategic Solutions is a top technology company that provides cutting edge solutions, deep functional domain subject matter expertise, operational intelligence and high-end engineering services to our government clients.
InCadence Strategic Solutions is currently seeking an Information Assurance Engineer to support our customer in Alexandria, VA. An ACTIVE TS/SCI SECURITY CLEARANCE is required. The Information Assurance Engineer will be a member of a software engineering team sustaining a biometrics program. The selected candidate must be capable of applying security requirements to projects; analysis and implementation of Security Technical Implementation Guides (STIGs); continuous security monitoring activities to include: in-depth vulnerability scans, risk analysis, development of plans of action & milestones (POA&M). The IA Engineer will provide support to field service engineers to resolve immediate and critical findings in the theater of operations. The IA Engineer will be responsible for the following:
- Perform Information Security & Assurance assessments on the Information Systems requiring Type Accreditation. Perform manual review and automated scanning of the OS security and weekly patch assessments performed with the Assured Compliance Assessment Solution (ACAS).
- Ensure all platforms maintain 100% compliance with weekly critical findings (IAVAs) by conducting weekly vulnerability scans of systems using Security Content Automation Protocol (SCAP) Compliance Checker.
- Collaborate with developers and system administrators on security enhancements for future platform and software upgrades to maintain manual security settings at 90% compliance or higher.
- Address deployed units' specific technical issues to support their various OCONUS site accreditations.
- Manually review DISA Security Technical Implementation Guides (STIG) against applicable platforms to ensure systems meet DoD requirements, and support the type accreditation process and its associated reciprocity.
- Provide results of unresolved discrepancies to the customer for inclusion in that particular system's IA Plan of Action and Milestones (POA&M)
- Support the maintenance of a baseline of valid physical and virtual images.
- Must have knowledge of or be capable providing Government security policies and familiarity with security-related technologies and auditing tools, in addition to security engineering analysis on a variety of information systems.
- Support the development of security accreditation/certification documentation and create and maintain security policy and procedures.
- Perform security certification engineering analysis, vulnerability assessments, and risk assessments.
- TS/SCI CLEARANCE REQUIRED
- Candidate must possess a solid background in Windows systems administration and have documented experience in: Fault detection, isolation, and troubleshooting of Windows client and server systems.
- Fault detection, isolation, and troubleshooting of Windows client and server systems.
- Maintain the readiness of multiple client/server systems to support operation to include:
- Ensuring that operating environment equipment is operational
- Applying IAVAs as applicable to all servers, laptops, and mobile devices
- Verifying IAVA posture of servers with ACAS and SCAP
- Maintain physical servers and VMs.
- Conduct web application vulnerability assessments, network security assessments, server configuration reviews, firewall policy reviews and other security measures.
- Perform vulnerability, compliance scan analysis and validation in support of Continuous Monitoring and Assessment requirements.
- Recommend secure risk mitigation solutions and assist in providing engineering solutions to developers and integrators
- Bachelor’s Degree in Computer Science, Information Systems, Engineering, Business, or related scientific or technical discipline, and five (5) years of direct experience is required. Eight (8) years of direct relevant experience may be substituted in lieu of a degree. DoD 8570 certification is required.
InCadence Strategic Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.
- Utilizing Risk Management Framework, FISMA, Federal Information Processing Standard (FIPS) 199 and NIST Special Publications 800-37 and 800-53
- Utilizing Cyber Security Assessments and Management (CSAM) to record, manage, and assess common threats and vulnerabilities