Information Assurance Engineer - Tampa, United States - Agile IT Synergy

Description

Agile IT Synergy, LLC is a Subject Matter Expert (SME) based technology company focused on innovative engineering and integration of relevant technologies combined with effective business practices to deliver complete solutions that meets customer mission needs. We are in search of customer focused professionals with a passion for solving difficult problems and exceeding our customer's expectations.

The successful candidate for the Information Systems Security Manager (ISSM) position is responsible for defining, implementing and maintaining information security policies, strategies, procedures and settings within the supported environment. The ISSM serves as a principal advisor on all matters, technical and otherwise, involving the security of information systems under his/her purview. In addition, the ISSM collaborates with customers during the design and development phase to translate security and business requirements into achievable processes and systems. The ISSM is responsible for the overall Cybersecurity/Information Assurance (IA) of a program, organization, system, or enclave within AIT Synergy's highly dynamic and fast-paced environment.

Job Responsibilities:

+ Maintain and/or obtain systems accreditation and authorization for defense information systems and advise government Delegated Authorizing Official (DAO) as required.

+ Support RMF and information assurance (IA) support for continuous monitoring in accordance with applicable DoD policies.

+ Support industry partners and government agencies in the Risk Management Framework (RMF) Step 6 Phase, Continuous Monitoring, for major defense information systems.

+ Support deployment and accreditation of mission owner workloads in commercial cloud IaaS, PaaS, and SaaS environments.

+ Support continuous updates and plans of action and milestones (POAMs) as required for maintaining assigned DoD information systems

+ Maintain systems for compliance with CNSSI 1253 at the Confidentiality, Integrity, and Availability of Moderate Low Low

+ Maintain documentation and engineering artifacts for mission representative System Integration Labs (SIL) to remain as like-in-kind for other deployed or potentially deployed systems.

+ Maintain system security plans currently in XACTA or EMASS as required on JWICS

+ Follow assigned DoD interface control documents (ICD), RMF Implementation Guides, and other assigned directives for any updates and POAMs, and collaborate with government and industry partner representatives as directed in the coordination of these duties.

+ Assist in the preparation of Contract Data Requirements List (CDRL) documents that are required to be reviewed and updated annually, and submit to the government for

review/approvals. Examples include Security Concept of Operations, Incident Response Plan, Continuous Monitoring Plan, Configuration Management Plan, Contingency

Plan, Ports, Protocols, and Services (PPS) Plan, and Program Protection Plans.

+ Complete and process scans through Vulnerator or other applicable IA tools as directed. Perform analysis on the POAM from that report and compare it to the previous report. Develop

the appropriate mitigation efforts and estimated completion dates and update the POAM that natively resides in XACTA. Update POAMs at intervals assigned by the government.

+ Monitor quarterly service bulletins, and update program software lists with any version changes as required. Ensure that these bulletins are tracked and coordinated with designated engineering staff as required.

+ Maintain compliance with directed mission-specific DoD processes (e.g. Certificate to Field (CtF), Security Impact Analysis (SIA) and others as assigned).

+ Coordinate with designated Engineering and Management to ensure that the program source code for software and virtual machines (VM) created for any major version changes is reviewed and delivered to the government for Certificate to Field (CtF) or Authority to Operate (ATO) approval.

+ Ensure that software that is third-party and proprietary follows the scan-load-scan process, and the pre-scan and post-scan results are sent to the government for CtF/ATO approval.

+ Utilize government agency available sites to locate already approved CtFs/ATOs, and submit to applicable DoD agencies for reciprocity on specific assigned tasks as required.

+ Utilize current and past experience with any other relevant DoD agencies and programs to recommend reciprocity strategies for faster approvals where necessary or available.

+ Maintain hardware and software lists which are required to be uploaded to XACTA.

+ Provide all supporting documentation for the Body of Evidence, and submit to government agencies for all baseline changes following the CtF and SIA processes. Examples include hardware/software lists, data flow processes, network diagrams, PPS, rack elevations, high-level design document, scans, etc.

+ Update the PPS document that resides on varying networks of classification, and register any changes with the PPS Manager.

+ Assist with providing information assistance for any Interconnection Security Agreement (ISA), Service Level Agreement (SLA), Memorandum of Understanding/Agreement

(MOU/MOA) as well as any authorities to connect (ATC) between agencies.

+ Submit tickets to get Radius Profiles created for any external consultants requesting remote VPN access to assigned test labs and platforms.

+ Manage and maintain all system access documentation as well as all paperwork for external stakeholders accessing assigned test platform areas or systems.

+ Support any customer meetings to include weekly tag-ups and Configuration Control Board (CCB) meetings.

+ Ensure successful implementation of two-factor authentication and incorporate these standards as required.

+ Implement and support continuous updates for Security Information and Event Management tools offering a holistic view of designated information security programs.

+ Recommend strategies to streamline more efficient RMF processes through the reduction in scan duplication.

+ Perform any other IA or cybersecurity activities as required by the government customer within the scope of the efforts and hours provided for each assigned task.

Education

+ Bachelor's degree in Systems Security, Network Engineering, Information Technology or other related field of study and typically 6 - 8 years of experience. Relevant experience and years of service may be considered in lieu of required education

Experience/Qualifications:

+ Active DoD Top Secret Clearance with SCI eligibility required.

+ Experience with software systems such as Splunk or ELK (other SIEM), ACAS / Nessus, HBSS, eMASS, Xacta , or ServiceNow

+ General technical understanding of virtualized and hyper scale environments like Amazon Web Services (AWS) and Azure Cloud.

+ Experience in successful submission of RMF packages for commercial cloud (AWS, Azure, Google, etc) environments.

+ Expert familiarity with the DISA Commercial Cloud Security Requirements Guide.

+ Leadership abilities inclusive of successful change management, mentoring, career development, training, succession planning, holding people accountable, and conducting yearly reviews

+ Experience with A&A requirements as outlined in the NISPOM, RMF for DOD, ICD 503, JSIG & NIST RMF

+ DoD 8570/8140 compliance required: CISSP and/or other equivalent advanced certifications preferred

+ Experience in dealing with high-level interfaces at Defense Information Systems Agency (DISA), National Security Agency (NSA), and other DoD COCOMS.

+ Proven verbal and written communication skills.

+ Proficiency with Microsoft Teams, Outlook, Word, Excel, and PowerPoint.

+ Ability to handle multiple, complex and competing priorities and projects.

Employment Type

Full-Time

Minimum Experience

Mid-level