Manassas, VA

Information Assurance Engineer

Sonalysts, Inc. is seeking an Information Assurance Engineer with critical-thinking skills who is capable of developing and implementing security controls for classified network systems. Successful candidates will have detailed knowledge of Information Assurance policies and procedures within multiple security enclaves.

What you will be doing

Responsibilities include designing, developing, and implementing security controls to preserve confidentiality, integrity and availability of information systems. Individuals are required to integrate security configuration procedures and tools on Linux platforms with minimal assistance. Candidates will be required to evaluate requirements, select and implement security controls, create and/or review installation procedures, conduct verification and validation of test procedures and script changes, tailor and configure security controls for specific product use, tailor platform hardening, implement application software and/or Operating System vulnerability patches, prepare the overall security assessment plan, prepare test procedures, execute and report on tests, perform security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and perform SCAP security assessment/configuration. Candidates will also identify issues and recommend solutions for integration by the Operating System team and/or software development team.

Individuals will also be required to perform Static Code Analysis (SCA) on the software code base and work collaboratively with software developers to remedy any code that reflects a weak security posture or deviates from secure coding best practices. Applicants will be required to participate in certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Individuals will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).

What’s in it for you

Becoming an integral part of an innovative, employee-owned company, which provides a full range of benefits including paid vacation time, tuition reimbursement program, health and dental insurance, life and disability insurance, Employee Stock Ownership Plan (ESOP), and 401(k) plans.

Opportunity to challenge yourself (learn and grow) intellectually as technologies advance.

Working on challenging and innovative projects.

Required Qualifications

U.S. citizen, eligible for a Department of Defense security clearance.

Please verify U.S. citizenship in your resume or cover letter.  Submissions without a statement verifying U.S. citizenship will not be considered.

Bachelor’s Degree in Computer Science or related technical field.

Experience in Red Hat Linux as a very competent user (i.e., knowledgeable of some UNIX admin commands and functions)

Prior experience working with the DISA Security Technical Implementation Guide (STIG)

Desired Qualifications

Experience with or knowledge of the Risk Management Framework (RMF) and the DOD Information Assurance Certification & Accreditation Process (DIACAP) method

Software development experience in Java, JavaScript or C++ and/or system administration experience in Red Hat Linux

Experience using automated Static Code Analysis (SCA) tools along with manual code review

Knowledge of DBMS and SQL (i.e. Oracle Database, MySQL, MariaDB)

Knowledge of OpenLDAP Directory Services and Domain Name Server (DNS)

Understanding of encryption concepts. Ability to communicate secure coding concepts and identify potential software defects/flaws

Knowledge of Web Servers / Services (i.e. Apache HTTP/S, Apache and Tomcat) and web applications

Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of system scan analysis tools such as SCAP and ACAS to identify system vulnerabilities

Risk Management Framework planning and implementation working experience is considered a plus

Experience in application and OS hardening using Ansible or Puppet modules or an equivalent hardening technique (e.g., shell scripting, file overlays, package management, etc.)

Cross-Domain Guard experience is considered a plus

CISSP certification or the pursuit thereof is a plus

Experience applying hardening to the system to improve the overall security posture

Understanding of secure coding best practices and approaches to applying defensive security techniques

Knowledge of remediation methods using various cyber security controls for systems and networks

Understanding of the Certification and Accreditation process

The ability to work independently without much peer guidance

Experience working within an Agile development model

Strong verbal and written communication skills.


Send resume to Sonalysts, Inc., 215 Parkway North, Waterford, CT 06385 or reply to Ad 8518.

Sonalysts, Inc. is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, disability, or other basis protected by law.

Drug Testing Employer

Submit resumes for Ad 8518...

By Mail

Recruiting Office
Sonalysts, Inc.
215 Parkway North, P.O. Box 280
Waterford, CT 06385

By Email

Please attach resume as Word or PDF only.