Sr. Info Assurance Engineer/STIG/RMF
Job ID: 440690BR
Date posted: Jul. 12
City: Manassas
State: Virginia
Description: This position is for an Information Assurance Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA. The Information Assurance Professional will be responsible for designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems. Play a key role in integrating security configuration procedures and tools on Linux platforms with minimal assistance. This includes evaluating requirements, selecting/implementing security controls, creating and/or reviewing installation procedures, conducting verification and validation of test procedures and script changes, tailoring and configuring security controls for specific product use, tailored platform hardening, application of application software and/or Operating System vulnerability patches, overall security assessment plan preparation, test procedure preparation, test execution and reporting, performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration. Identify issues and recommend solutions for integration by the Operating System team and/or software development team.
Collaboration with other key stakeholders such as the customer, program management, integrators and testers on the platform security will be required to improve the overall security posture. Act in a supporting role as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Support project schedule management, earned value management, and basis of estimate (BOEs) preparation. Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of federal mandates and system missions. Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Participate in architecture, design and code reviews and provide secure coding guidance and input to the software development team.
The Information Assurance Engineer Senior will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).
1. Minimum of current Secret clearance to start.
2. Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 years of professional experience; or 3 years of professional experience with a related Master's degree.
3. Experience in RedHat Linux as a very competent user (i.e., knowledgeable of some UNIX admin commands and functions).
4. Knowledge of remediation methods using various cyber security controls for systems and networks.
5. Understanding of the Assessment and Authorization process.
6. Prior experience working with the DISA Security Technical Implementation Guide (STIG).
7. Familiarity with system hardening approaches as a remediation for vulnerabilities.
8. Experience working with System Administrators and/or System Integrators applying software patches to the system (i.e., patch management duties).
9. Strong verbal and written communication skills.
1. Experience with or knowledge of the Risk Management Framework (RMF).
2. Familiarity with using Bash/Shell to produce hardening scripts and working knowledge of system scan analysis tools such as SCAP and ACAS to identify system vulnerabilities.
3. Understanding of the tracking, application and testing of vulnerabilities.
4. CISSP certification or the pursuit thereof is a plus.
5. The ability to work independently without much peer guidance.
Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Join us at Lockheed Martin, where your mission is ours. Our customers tackle the hardest missions. Those that demand extraordinary amounts of courage, resilience and precision. They’re dangerous. Critical. Sometimes they even provide an opportunity to change the world and save lives. Those are the missions we care about.
As a leading technology innovation company, Lockheed Martin’s vast team works with partners around the world to bring proven performance to our customers’ toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and Internationally, with business locations in many nations and territories.
Experience Level: Experienced Professional
Business Unit: ESS6500 RMS
Relocation Available: Possible
Career Area: Information Security/Information Assurance
Clearance Level: Secret
Type: Full-Time
Virtual Location: no
Work Schedule: TEMPO: 9X80A - Standard Fri to Fri (Flex & Rigid)
Shift: First