Responsibilities
Expertise as an Information Assurance Engineer who possesses hands-on experience with performing security hardening, security engineering, security architecture review, and vulnerability scans specific to networks, web applications, web services, and cloud deployments. The Information Assurance Engineer provides technical hands-on support for vulnerability scanning, with an emphasis on device scanning, using Qualys, Nessus, and OpenVas. Additionally, the Information Assurance Engineer must configure, manage, and operate the vulnerability scanning tools as required. The Information Assurance Engineer must have experience working with obtaining and maintaining ATO approvals.
Essential Functions
- Obtain and maintain ATO approvals by ensuring adherence to the RMF process.
- Implement and manage continuous monitoring programs to assess the ongoing effectiveness of security controls.
- Provide insight on Risk Management Framework (RMF), and NIST 800-53 technical controls implementation.
- Support adherence to RMF requirements outlined in standards like NIST SP 800-53, NISPOM, and STIGs.
- Perform security hardening and configure the information system, based upon STIGS and security requirements.
- Develop and manage System Security documentation, including System Security Plans, Plans of Action and Milestones (POA&Ms).
- Responsible for the provisioning, deployment, configuration, and administration of information security systems, including security monitoring, endpoint protection, identity and access management, vulnerability management and incident response.
- Design and drive security projects and initiatives, to ensure ongoing compliance with approved policies and regulatory requirements.
- Assist in the architecture, implementation, management and enhancement of technical security capabilities
- Provide remediation guidance to system owners and stakeholders.
- Use expertise to provide mitigation strategies to help remediate vulnerabilities.
- Continually maintain the health of vulnerability scanning tools and ensure they are operating as expected.
- Provide technical guidance to the Risk Management Team and other stakeholders.
- Provide support to the Incident Response and Investigation Teams when called upon.
- Preform tool upgrades, updates, and patches as necessary.
- Conduct baseline configuration compliance scanning and correct configuration issues to ensure compliance with agency configuration requirements.
Qualifications
- Education: Bachelor’s degree in Management Information Systems, Cybersecurity, Computer Science, Computer Engineering, or related field
- 5 plus years of cybersecurity and information assurance expertise
- Certifications Preferred: Security +, CEH. CISSP
- Knowledge of System Security Life Cycle
- Strong ability to research technical issues and suggest resolutions
- Knowledge/experience with security related applications and automated tools is desirable
- Has strong written and verbal communication skills.
- Experience with STIGS, Enterprise Networks, and systems.
- Experience with Enterprise security log collection and management.
- Experience with Vulnerability Management lifecycle including Discover, Prioritize, Assess, Report, Remediate, and Verify.
- Has ability to adapt to the changing needs of a project.
Job Type: Full-time
Pay: $94,539.00 - $102,374.00 per year
Benefits:
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Vision insurance
Compensation Package:
- Bonus opportunities
- Performance bonus
Schedule:
Ability to Commute:
- Tampa, FL 33621 (Preferred)
Ability to Relocate:
- Tampa, FL 33621: Relocate before starting work (Preferred)
Work Location: In person
