Information Assurance Analyst/ Security Engineer 4- TS/SCI
US Citizenship Required for this Position:Yes
Number of Openings:1
e-Sci Corporation is seeking an Information Assurance and Security Engineer to promote lA integration, manage security compliance, and provide security design and implementation strategies for a suite of Intelligence Community programs in the Reston, VA area.
Specific duties include but are not limited to:
• Provide IT security consulting providing recommendations on improvements to existing projects for security best practice and compliance based on CNSSI 1253, lCD 503, NIST SP
800-53 Rev.4, and other agency directives and instructions.
• Have expert-level understanding of lCD 503 transition requirements and NIST 800-53 Rev. 4 security controls, including knowledge of DCID 6/3
• Contribution at the executive level, system functional leadership, technical leadership, system architecture, design, development, and testing
• Lead or manage RMF steps 1-6 and manage the integration of security into the program SDLC
• Draft all formal security documentation for each system's security controls assessment, including security plans and implementation documentation
• Management of POA&Ms through ISSO responsibility
• Provide ISSO support for multiple systems including the review of audited security events for the identification of security relevant impacts and potential insider threats and policy violations.
• Perform risk analysis and risk management
• Draft system security test procedures
• Conduct Privacy Impact Assessments, and Information System Contingency Plan development is also required
• Perform vulnerability scanning of development systems and brief results and
mitigation/correction approaches to technical stakeholders
• Bachelor's Degree and 9 years of WIS experience, Master's degree and 7 years, AS/AA and
II years, 13 years of experience may be considered in lieu of Degree.
• Active/current Top Secret/SSBI clearance with the ability to obtain TS/SCI access (TS/SCI Preferred).
• Must have Security+ certification
• Knowledge and experience with the implementation of NIST SP 800-53, DCID 6/3, lCD 503, and other IC Standards relating to information security
• Experience with ACAS, including Nessus, WASSP, and SECScan assessment tools.
• Experience and working knowledge of database security
• Experience with Windows and LINUX platforms
• Must have 8570 Certification: either lAT ill,lAM ll, IASAE IT (CISSP, CISM or CASP)
• Experience with XACTA for security package compilation and POA&M management
• Experience implementing application security utilizing cloud services including AWS, PAAS, and FEDRAMP implementation.
• Knowledge of Apache Servers and/or WebLogic
• Experience security web application and the development of web services (i.e. REST/SOAP, JAX-WS, WSDL etc)
e-Sci Corporation is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.