Job ID 2022-4996 IA Engineer - Security Controls Assessor (SCA)
Washington, DC, USA
Job ID 2022-4996
OBXtek is looking for an Information Assurance Engineer (IAE) - Security Control Assessor who will be responsible for assessment and authorization (A&A) activities for Treasury systems, as well as assist and advise system and application developers in the design and development of secure systems architecture in accordance with National Institute of Standards and Technology (NIST) 800 series and Department guidelines.
The duties will include but not be limited to the following tasks:
Serve as the primary security lead for High, Moderate, and Low impact systems that support Treasury applications.
Tests the required security controls monthly and drives the overall A&A life-cycle process in accordance with the Department of the Treasury System Development Life-Cycle (SDLC) and includes the following functions:
Provide guidance to COR, IT Director and System developers as it related to the A&A process using both the National Institute of Standard and Technology (NIST) Special Publication (SP) 800 series and Department guidelines.
Assist and advise System owners and System developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements.
Gathers required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demos, assessing system security categorization levels, establishing system security control baselines, and acting as a security advisor to the COR during the security controls implementation.
Develop and update the SCA.
Monitor the assigned system weekly. In order to maintain an open line of communication, the IAE conducts weekly or monthly meetings with COR and developers.
Schedule and facilitate boundary meetings, RMF kick-off meetings and POA&M meetings.
RME review, monitor, and report POA&M status to all stakeholders including PM, ISSO, ISSM, System Owner, System Development Team, and System Operation Teams.
Analyze Configuration Change Requests (CCRs) by conducting a security impact analysis initiating required actions to maintain security posture and ATO status.
Must be a US Citizen and have a current/active Top Secret security clearance.
Immediate family members must also be US Citizens (immediate family is defined as Mother, Father, Brother, Sister, Spouse, Children, or co-habitant).
* 2 years of experience within the field of IT Security.
* Proficient writing and communication skills.
* Knowledge of FISMA Compliance and NIST guidelines including Risk Management Framework, SP 800-53, and SP-800-53A.
* A technical understanding of IT security as it relates to network, application, and database security.
* Knowledge of security compliance processes.
Desired Experience & Education:
CAP/ Sec+ or equivalent IAM/IAT level II Certification, other IT and Security related Certifications
Bachelor's Degree in Computer Science, Information Technology, or related field preferred or equivalent experience.
Top Secret with SCI eligibility
Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People...Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.
We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.
As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.
OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
OBXtek is a human-driven cybersecurity, logistics, intelligence, and information technology company that pledges excellence and honesty throughout our engagements. OBXtek's accomplished teams have an established reputation for consistently and efficiently achieving goals for our portfolio of federal government customers.