
Risk Management Framework / Information Assurance Analyst Engineer
| Company | Leidos |
|---|---|
| Location | Fort Belvoir, VA, USA |
| Salary | $104650 – $189175 |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior, Expert or higher |

Requirements
- BS degree with 8+ years’ experience or 12+ years of IA experience without a degree.
- Current DoD 8570 baseline certification for IAM III
- Understanding of the Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
- Familiarity with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management
- STIG compliance, SCC and STIG Viewer experience, and ACAS expertise.
- Expert with Microsoft Windows, Linux, and system virtualization in a secure network environment.
- Must be able to work in a constantly changing regulatory environment with short-, mid-, and long-term timelines for remediating any non-compliance
- Must be able to work well within a team environment and able to adapt quickly to change
- Good writing and verbal presentation skills
- Active DoD Top Secret Clearance with eligibility to obtain an SCI
Responsibilities
- Continuous upkeep, monitoring, analysis, and response to Information System, network and security events.
- Maintaining the NIPR and SIPR RMF packages for all enclaves within scope of the contract.
- Documents compliance actions within the approved automated compliance tracking system
- Ensures systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the System Security Plan (SSP), Standard Operating Procedures (SOP), and customer directives.
- Ensures records are maintained for workstations, servers, software, routers, firewalls, network switches, crypto, and other relevant hardware/equipment throughout the information system’s life cycle.
- Evaluates proposed changes or additions to the information system and advises senior site leadership of the security relevance.
- Participates in internal/external security audits/inspections; performs risk assessments and Continuous Monitoring.
- Ensures proper protection and/or corrective measures have been taken when an incident or vulnerability has been discovered
- Working with the Facility Security Officer (FSO) to develop, implement and manage a formal Information Security / Information Systems Security Program.
- Develop, implement and enforce Information Security Policies and Procedures.
- Review and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization (Certification/Accreditation) activities.
Preferred Qualifications
- Past or current ISSM/ISSO experience
- Security+ or CISSP
- GCIH a plus
- DoD IS knowledge and experience
- Background or understanding of System Security Plans (SSP)
- Security hardening scripting/automation experience
- Microsoft OS Certification (MCSE Win 7 or other)
- Linux certification (RHCSA, CompTIA Linux+, LFCS/LFCE, etc.)