Company:
DecisionPoint | Cortek
Location: Scott Air Force Base
Closing Date: 17/10/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Overview:
DecisionPoint Corporation is seeking a Mid Information Assurance Engineer to join our US Transportation Command – Global Freight Management team. The Information Assurance Engineer is responsible for managing and overseeing all cybersecurity aspects for the Global Freight Management (GFM) program. This includes identifying, analyzing, and mitigating security risks, threats, and vulnerabilities in compliance with Department of Defense (DoD) Risk Management Framework (RMF) standards. The role requires the development of secure software applications, continuous monitoring, and the implementation of security policies across the system lifecycle. The Information Assurance Engineer ensures that all security measures are in place to maintain system integrity and compliance with applicable DoD policies and industry best practices. This position also supports RMF accreditation activities, vulnerability scanning, flaw remediation, and secure coding to enhance the cyber resilience of the system.
Duties & Responsibilities:
Manage all aspects of cybersecurity for the GFM program, ensuring the system meets security compliance with DoD standards.
Identify, assess, and mitigate security risks, threats, and vulnerabilities throughout the system’s lifecycle, providing necessary countermeasures.
Design, develop, and implement secure applications in alignment with DoD STIGs, security checklists, and industry best practices (e.g., OWASP, SANS).
Ensure encrypted transactions and provide detailed logs of transaction activities as requested by the GFM PMO.
Conduct regular code scans using Fortify or similar tools, and submit scan results prior to software release into staging and production environments.
Track security issues throughout the software lifecycle and work with the Government to mitigate risks.
Remediate security vulnerabilities identified during the Fortify scans or through other means, ensuring no unmitigated vulnerabilities are introduced into the system unless specifically agreed upon by the Government.
Create and maintain RMF accreditation documentation, providing all necessary security control evidence for achieving Authorization to Operate (ATO), Authorization to Connect (ATC), or Interim Authorization to Test (IATT).
Ensure the application of security control families per NIST SP 800-53 and DoD instructions, integrating security and RMF activities into the SDLC.
Implement processes for continuous monitoring of system security controls, including automated scans (ACAS, SCAP, Fortify) and manual assessments.
Provide scan results and analysis to the Government to remediate vulnerabilities.
Ensure compliance with NIST SP 800-128, conducting security-focused CM practices to maintain secure system configurations and minimize risks.
Collaborate with the Government and contractor teams to provide updates, share system security data, and address any security issues discovered during development or operation.
Create, update, and maintain security documentation and POA&M items within the eMASS or other government-specified tools.
Provide comprehensive security reports and metrics, including open vulnerabilities and status of RMF-related tasks.
Assist in the preparation and submission of security authorization packages, including PPSM compliance, for system testing on operational networks.
Qualifications:
Active Secret Clearance.
Must hold an active an IAT Level II certification; CompTIA Security+ CE highly preferred.
Minimum of 4 years of experience in information assurance, cybersecurity, or related fields, specifically within the DoD environment.
Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related technical disciplines.
Proficiency in secure application development and implementation of DoD STIGs and security guidelines.
Experience with security vulnerability scanning tools, such as Fortify and ACAS.
Strong understanding of RMF processes, including developing and maintaining accreditation documentation.
Knowledge of NIST SP 800-53, NIST SP 800-128, and other relevant DoD and NIST security policies and publications.
Experience with configuration management and applying security-focused configuration controls.
Familiarity with automated scanning tools, secure coding practices, and incident response management.
Strong understanding of encryption technologies, secure network protocols, and system hardening techniques.
Strong problem-solving skills and ability to work in a fast-paced environment with shifting priorities.
Excellent written and verbal communication skills, with the ability to present technical concepts to both technical and non-technical stakeholders.
Strong attention to detail and the ability to maintain comprehensive security documentation.
Our Equal Employment Opportunity Policy:
EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.
DecisionPoint Corporation is seeking a Mid Information Assurance Engineer to join our US Transportation Command – Global Freight Management team. The Information Assurance Engineer is responsible for managing and overseeing all cybersecurity aspects for the Global Freight Management (GFM) program. This includes identifying, analyzing, and mitigating security risks, threats, and vulnerabilities in compliance with Department of Defense (DoD) Risk Management Framework (RMF) standards. The role requires the development of secure software applications, continuous monitoring, and the implementation of security policies across the system lifecycle. The Information Assurance Engineer ensures that all security measures are in place to maintain system integrity and compliance with applicable DoD policies and industry best practices. This position also supports RMF accreditation activities, vulnerability scanning, flaw remediation, and secure coding to enhance the cyber resilience of the system.
Duties & Responsibilities:
Manage all aspects of cybersecurity for the GFM program, ensuring the system meets security compliance with DoD standards.
Identify, assess, and mitigate security risks, threats, and vulnerabilities throughout the system’s lifecycle, providing necessary countermeasures.
Design, develop, and implement secure applications in alignment with DoD STIGs, security checklists, and industry best practices (e.g., OWASP, SANS).
Ensure encrypted transactions and provide detailed logs of transaction activities as requested by the GFM PMO.
Conduct regular code scans using Fortify or similar tools, and submit scan results prior to software release into staging and production environments.
Track security issues throughout the software lifecycle and work with the Government to mitigate risks.
Remediate security vulnerabilities identified during the Fortify scans or through other means, ensuring no unmitigated vulnerabilities are introduced into the system unless specifically agreed upon by the Government.
Create and maintain RMF accreditation documentation, providing all necessary security control evidence for achieving Authorization to Operate (ATO), Authorization to Connect (ATC), or Interim Authorization to Test (IATT).
Ensure the application of security control families per NIST SP 800-53 and DoD instructions, integrating security and RMF activities into the SDLC.
Implement processes for continuous monitoring of system security controls, including automated scans (ACAS, SCAP, Fortify) and manual assessments.
Provide scan results and analysis to the Government to remediate vulnerabilities.
Ensure compliance with NIST SP 800-128, conducting security-focused CM practices to maintain secure system configurations and minimize risks.
Collaborate with the Government and contractor teams to provide updates, share system security data, and address any security issues discovered during development or operation.
Create, update, and maintain security documentation and POA&M items within the eMASS or other government-specified tools.
Provide comprehensive security reports and metrics, including open vulnerabilities and status of RMF-related tasks.
Assist in the preparation and submission of security authorization packages, including PPSM compliance, for system testing on operational networks.
Qualifications:
Active Secret Clearance.
Must hold an active an IAT Level II certification; CompTIA Security+ CE highly preferred.
Minimum of 4 years of experience in information assurance, cybersecurity, or related fields, specifically within the DoD environment.
Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related technical disciplines.
Proficiency in secure application development and implementation of DoD STIGs and security guidelines.
Experience with security vulnerability scanning tools, such as Fortify and ACAS.
Strong understanding of RMF processes, including developing and maintaining accreditation documentation.
Knowledge of NIST SP 800-53, NIST SP 800-128, and other relevant DoD and NIST security policies and publications.
Experience with configuration management and applying security-focused configuration controls.
Familiarity with automated scanning tools, secure coding practices, and incident response management.
Strong understanding of encryption technologies, secure network protocols, and system hardening techniques.
Strong problem-solving skills and ability to work in a fast-paced environment with shifting priorities.
Excellent written and verbal communication skills, with the ability to present technical concepts to both technical and non-technical stakeholders.
Strong attention to detail and the ability to maintain comprehensive security documentation.
Our Equal Employment Opportunity Policy:
EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.
Share this job
Useful Links