The System Security and Compliance Analyst will work with the customer ISSO and Compliance Lead, as well as the project team, to support the development and administration of activities related to information security processes, technology management, risk assessments, and employee security awareness. This person will be involved in designing and implementing the procedures and controls necessary to ensure and protect the safety and security of information systems assets, including prevention of intentional or inadvertent access, modification, disclosure, or destruction. The System Security and Compliance Analyst will also research, recommend, and implement changes to procedures and systems to enhance information systems security.
The Information Assurance Engineer would be responsible for the following:
* Conduct system assessments in accordance with the NIST SP 800-53 security control list, including physical security controls and user interviews
* Coordinate and assess vulnerability testing on major applications and infrastructure
* Develop, implement, and execute a security and controls assessment test plan
* Create detailed assessment reports that include system overviews, risk analysis calculations, and a findings matrix
* Conduct program compliance reviews to ensure compliance with Federal policies
* Update and maintain existing Standard Operating Procedures (SOPs) and create new SOPs as needed
* Review existing policy documents on a recurring basis to ensure they remain in compliance with federal policies and regulations
* Conduct document reviews of NIST, OMB, FISMA, policy, and vendor publications related to enterprise technologies, and recommend changes to customer policy and procedures affected by new guidance
* Assist the Project Manager in incorporating approved changes into the policy and other applicable documents
* Maintain, as required, a repository for all system certification documentation and modifications
* Coordinate IS security inspections, tests, and reviews
* Ensure the security architecture design is appropriate for business needs and meets industry best practices and regulatory compliance standards
* Conduct periodic information system audits, log analysis, and procedural reviews to verify compliance with security policies
* Coordinate periodic reviews and inspections as established in the certification and accreditation documentation
* Ensure that all security-related documentation is current and accessible to properly authorized individuals
* Provide formal notification to the ISSO when changes are planned that may impact the approved security posture or the associated certification and accreditation
* Ensure that system security requirements are addressed during all phases of the system life cycle
* Exercise programmatic responsibility for compliance in support of a Security High rating for the Production application environments
* Ensure, through mentoring and coaching of the Production Operations Support team, that all security and confidentiality requirements are understood
* Shepherd issues found during routine scans through a mitigation process
* Lead systems and research program development of data management processes that address security and confidentiality compliance requirements; develop and implement action plans to effectively mitigate top risks
* Direct the administration of security policies, activities, and compliance with FISMA control standards
* Coordinate implementation of enterprise security controls and training activities
* Develop long-term data protection strategies
* Lead team-level incident response activities to contain, investigate, and prevent future information security breaches involving PII
Minimum Requirements:
* Must be a U.S. Citizen and able to obtain a Security Clearance
* Must live in the Charleston, SC area
* Experience in system assessments for Federal IT systems
* 7+ years' experience in the Certification and Accreditation process, with a full understanding of the System Development Life Cycle and the FISMA process, is required
* Must have strong familiarity with NIST
* Experience conducting vulnerability testing on UNIX, Solaris, and Linux based systems
* Experience writing, reviewing, and understanding system security plans (SSPs), network diagrams, standard operating procedures (SOPs), and system design documents (SDDs)
* Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or similar security professional certification desired
* Demonstrated oral/written communication and client-facing skills
* Must have or be able to obtain a Public Trust clearance and pass a customer-specific suitability screening
In addition, the candidate must exhibit the following:
* Candidate MUST have extensive experience working in structured change management processes for highly available enterprise systems
* Strong interpersonal and relationship-building skills conducive to team development
* Ability to perform needs assessments and determine technical objectives
* Strong leadership skills