Information Assurance Engineer / Security Analyst
** Must have at least an Active SECRET Security Clearance to be eligible for the position **
The qualified applicant will become part of our Information Assurance (IA) team. The IA Engineer / Security Analyst will perform a broad range of IA activities associated with maintaining and enhancing the security posture and maintaining the system's Authority to Operate.
- Work hand in hand with the IASE Information System Security Manager (ISSM) on-site at DISA’s Ft. Meade Headquarters (HQ).
- Develop accreditation package to transition SharePoint 2010 portal from DoD Information Assurance Certification and Accreditation Process (DIACAP) to DoD Information Assurance Risk Management Framework (RMF).
- Identify all parent, child and inherited controls across the IASE portal’s Public/Amazon Web Services (AWS), FOUO/NIPR, Secret/SIPR and REL networks.
- Configure, document and record all controls in DISA’s Enterprise Mission Assurance Support Service (eMASS) system
- Configure the IASE portal for compliance for all CAT I vulnerabilities
- For all CAT II and CAT III vulnerabilities, either configure the IASE portal or justify, document and record them in eMASS
- Conduct ongoing monitoring of compliance with required IA controls and annual artifact updates
- Coordinate with network locations and personnel to include AWS and Defense Enterprise Computing Center (DECC) Oklahoma City (OKC).
- Ensure compliance through regular IAVM reporting
- Obtain and maintain CMRS, ERS, DITPR and PPSM accounts
- Assisting with directing and/or facilitating vulnerability scans of system components using DoD-approved vulnerability scanning tools such as the Assured Compliance Assessment Solution (ACAS), WebInspect, and the Defense Information Systems Agency (DISA) Security Content Automation Protocol (SCAP) Compliance Checker
- Developing/maintaining security plans and supporting standard operating procedures as required to maintain the security posture and ensure compliance with required DoD IA controls
- Actively supporting the system development lifecycle through participation in requirement, design, and other lifecycle milestone reviews to ensure security and IA interests are appropriately addressed and through active participation in change control processes
- Assessing the security impact/risk of proposed changes to the system, software, or architecture to ensure the security posture is maintained as the system continues to evolve
- Supporting security incident analysis, reporting, and response activities as well as conducting training and exercises related to incident response
- Maintaining and implementing access control procedures, including approving account requests, performing periodic audits of existing accounts, and authorizing and monitoring access to data center facilities
- Assisting in the identification of corrective actions for identified vulnerabilities; developing plans of action and milestones (POA&Ms) and/or risk assessments for identified vulnerabilities, and working with the Operations team to track the execution of corrective actions and POA&M items to completion
- Must hold and maintain a qualifying IA certification for an Information Assurance Management (IAM) Level II position defined in DoD 8570.01-M: Security+/CASP
- Must have an understanding of DoD and RMF requirements as well as commercial best practice for Cloud Computing
- Must be willing to travel to DISA’s Ft. Meade, MD HQ
- Must be able to obtain and maintain an eMASS account
- Excellent written and oral communication skills
- 1 - 3 years of IA/Security Engineering experience required.
EDUCATION LEVEL: Minimum Bachelor’s degree in computer science or equivalent field
Company Overview: Business Computers Management Consulting Group, LLC (BCMC) is an 8(a) Small Disadvantaged Business specializing in Information Technology (IT), Cybersecurity, Information Assurance (IA), SOA, Big Data Management, Program Management, and more for Federal, State, and Local agencies. We are appraised at CMMI Level 3 and are ISO 9001:2015 certified and registered, promising the highest quality to all of our clients.