Information Assurance Engineer
Sonalysts, Inc. is seeking an Information Assurance Engineer with critical thinking skills who is capable of developing and implementing security controls for classified network systems. Successful candidates will have detailed knowledge of Information Assurance policies and procedures within multiple security enclaves.
What you will be doing
Responsibilities include designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems. Individuals are required to integrate security configuration procedures and tools on Linux platforms with minimal assistance. Candidates will be required to evaluate requirements, select/implement security controls, create and/or review installation procedures, conduct verification and validation of test procedures and script changes, tailor and configure security controls for specific product use, tailor platform hardening, implement application software and/or Operating System vulnerability patches, prepare the overall security assessment plan, prepare test procedures, execute tests and report on them, perform security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and perform SCAP security assessment/configuration. Candidates will also identify issues and recommend solutions for integration by the Operating System team and/or software development team.
Individuals will also be required to perform Static Code Analysis (SCA) on the software code base and work collaboratively with software developers to remedy any code that reflects a weak security posture or deviates from secure coding best practices. Applicants will be required to participate in certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Individuals will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).
What’s in it for you
Becoming an integral part of an innovative, employee-owned company, which provides a full range of benefits including paid vacation time, tuition reimbursement program, health and dental insurance, life and disability insurance, Employee Stock Ownership Plan (ESOP), and 401(k) plans.
Opportunity to challenge yourself (learn and grow) intellectually as technologies advance.
Working on challenging and innovative projects.
U.S. citizen, eligible for a Department of Defense security clearance.
Please verify U.S. citizenship in your resume or cover letter. Submissions without a statement verifying U.S. citizenship will not be considered.
Bachelor’s Degree in Computer Science or related technical field.
Experience in RedHat Linux as a very competent user (i.e., knowledgeable of some UNIX admin commands and functions)
Prior experience working with the DISA Security Technical Implementation Guide (STIG)
Experience with or knowledge of the Risk Management Framework (RMF) and the DOD Information Assurance Certification & Accreditation Process (DIACAP) method
Experience using automated Static Code Analysis (SCA) tools along with manual code review
Knowledge of DBMS and SQL (i.e. Oracle Database, MySQL, MariaDB)
Knowledge of OpenLDAP Directory Services and Domain Name Server (DNS)
Understanding of encryption concepts. Ability to communicate secure coding concepts and identify potential software defects/flaws
Knowledge of Web Servers / Services (i.e. Apache HTTP/S, Apache and Tomcat) and web applications
Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of system scan analysis tools such as SCAP and ACAS to identify system vulnerabilities
Risk Management Framework planning and implementation working experience is considered a plus
Experience in application and OS hardening using Ansible or Puppet modules or an equivalent hardening technique (e.g., shell scripting, file overlays, package management, etc.)
Cross-Domain Guard experience is considered a plus
CISSP certification or the pursuit thereof is a plus
Experience applying hardening to the system to improve the overall security posture
Understanding of secure coding best practices and approaches to applying defensive security techniques
Knowledge of remediation methods using various cyber security controls for systems and networks
Understanding of the Certification and Accreditation process
The ability to work independently without much peer guidance
Experience working within an Agile development model
Strong verbal and written communication skills.
Send resume to Sonalysts, Inc., 215 Parkway North, Waterford, CT 06385 or firstname.lastname@example.org. Reply to Ad 8518.
Sonalysts, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, disability, or other basis protected by law.
Drug Testing Employer