Senior Information Assurance Engineer
The Computer Merchant, LTD.
Job Title : Senior Information Assurance Engineer Location: San Jose, CA Wage Range: 83-105.48 hr Job Number: 22-02058 Job Description: Our client, a large defense contractor, has an immediate opening for a Senior Information Assurance Engineer to work from their San Jose, CA facility. The Senior Information Assurance Engineer interacts with clients to recommend and provide information assurance solutions including, supporting certification and accreditation activities, developing verification procedures used in risk assessments and security tests and evaluations, and developing various security documentation in compliance with Information Assurance policy. Qualifications: Requires a Bachelor's degree in Engineering, or a related Science or Mathematics field. Also requires 8+ years of job-related experience, or a Master's degree plus 6 years of job-related experience. CLEARANCE REQUIREMENTS: Department of Defense TS/SCI security clearance is required at time of hire. Applicants selected will be subject to a U.S. Government security investigation and must meet eligibility requirements for access to classified information. Due to the nature of work performed within our facilities, U.S. citizenship is required. Qualifications:***The candidate will ensure that security requirements: NIST 800 SP-37, NIST 800-53, ICD 503, and CNSSI 1253 for the systems will be met*** -Interpret NIST 800-53/CNSS 1253 to implement information assurance practices within a hosted application environment -Proactively collaborate with various stake holders on these changes and their impact -Engage with the various projects to ensure the NIST 800-53 is part of the engineer design for each application -Collaborate with team members on implementing advanced security solutions to meet the customer's mission -Follow industry and Client trends and developments to ensure engineering project's security services are consistent with, and/or superior to, industry best practices -Document certification and accreditation activities using the prescribed templates by collaborating with engineering projects -Conduct and mitigate vulnerability and compliance assessments on various operating systems, Internet browsers, web servers, databases, network, and peripherals devices -Team with security members to delivery a robust and repeatable security approach -Proactively check software dependencies for changes in cyber approval status -Decompose cyber requirements to applicable implementation requirements or recommendations to the development staff. KNOWLEDGE SKILLS AND ABILITIES: -Experience with performing IAVA remediation and maintaining compliance on various Windows and Linux-based systems -Strong use and understanding of systems engineering concepts, principles, and theories -Strong understanding of cyber security specifications such as Risk Management Framework(RMF), STIGs, SRGs and other government security specifications and guidelines -Strong knowledge of cyber security technology and trends -Recognizes and incorporates various security designs and lessons learned -Strong written and verbal communications skills -Effective in communicating issues, impacts, and corrective actions as they affect the cyber design and implementation -Strong ability in reporting relevant cyber systems engineering design -Regular contact with senior levels of security work groups -Works under limited direction -Contact with project leaders and other professionals within the Engineering department and with project teams -Frequent contact with the external customers' security professionals -Creative thinker, good multi-tasker REPRESENTATIVE DUTIES AND TASKS: -Conducts security assessments using DoD STIGs/SRGs and ensure compliance -Maintains security controls and baselines using Xacta, SNOW or eMASS tool -Performs security requirements analysis, security requirements definition, system security design, security architecture generation, security trade studies, and security verification and validation with little or no supervision -Performs security planning, cost and risk analyses for the program security activities -Performs customer security requirements analysis, develops system security requirements and defines allocations to lower levels (subsystem, elements and components) -Contributes to detailed security analyses at the system of system (SOS) level -Synthesizes security solutions within the context of the system to meet customer expectations while staying within schedule and cost constraints -Researches and analyzes data, such as vendor products, COTS components, GFE/CFE, specifications, and manuals to determine security of design -Effectively chooses the appropriate standards, processes, procedures, and tools throughout the system development life cycle to support the generation of the security engineering products -Executes the execution of the development of program required security documentation, including items such as security plans, contingency plans, and security tests plans and procedures in compliance with the IA policy -Supports the Assessment and Authorization (A&A) (or Certification and Accreditation (C&A)) activities and the generation of the documentation for the program -Executes the security testing and evaluation to ensure the correct implementation of security requirements -Executes security scanning and the analysis of the scan results -Assesses and mitigates system security threats and risks throughout the program life cycle Equal Opportunity Employer Veterans/Disabled * While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions.