Cyber Security Assessment and Authorization (A&A) Engineer

Cyber Security/Information Assurance A&A Engineer is responsible for security processes and implementation supporting a large DoD customer on a new multi-year contract.   

Position Overview: 

The A&A Engineer will perform, review, and conduct technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies to the team. Greater detail is provided below.

As a member of a team supporting a fast moving program for multiple customers and/or projects in the agency, the A&A Engineer will execute tasks and support for various services projects.

The A&A Engineer will be expected to regularly perform work using their expertise in Information Assurance, specifically A&A, and demonstrate their ability to work either individually or as part of a team to address tasks.  The A&A Engineer may work directly with Customers as well as perform occasional support on related projects.

Responsibilities:

• Validates and verifies system security requirements definitions and analysis and establishes system security designs for controls.
• Designs, develops, implements, and/or integrates IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
• Builds IA into systems and services deploying into operational environments at multiple classification levels
• Assists architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.
• Enforces the design and implementation of trusted interfaces among external systems and architectures.
• Assesses and mitigates system security threats/risks throughout the program life cycle.
• Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
• Creates and reviews A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content.  Develops and executes Security Test Plan (STP) in close cooperation with team members.

Knowledge, Skills and Abilities:

• Expert knowledge and experience in A&A with DCID 6/3/ICD-503
• Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification
• Strong demonstrated experience in understanding and applying principles of Risk Management Framework (RMF) to operations and tasks
• Strong demonstrated experience in using with Enterprise Mission Assurance Support Service (eMASS) for storage & retrieval of deliverables/artifacts
• Strong communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels
• Scanning systems and assisting the team in remediating vulnerabilities
• Ability to communicate effectively with senior management in government and contractor teams
• Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders

Required qualifications:

• Active Secret clearance
• Active CISSP Certification
• 5+ years minimum experience in Information Assurance positions
• Experience with system hardening
• Experience working in a team environment on similar tasks

Strongly desired knowledge, skills, and abilities:

• Strong Windows administration and hardening experience
• Experience with ICD-503 A&A processes
• Experience working on and supporting classified networks
• Security architecture, engineering, and A&A experience
• Experience with System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, Plan of Action & Milestones
• Experience with ACAS and other scanning tools
• Bachelor's or Master's degree in IA/Cyber Security/Computer Science
• IT security training in various disciplines

Y-Tech is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against the basis of race, gender, sexual orientation, gender identity, disability, protected veteran status or any other protected status.