Information Assurance Auditor

Nucrest LLC Washington , DC 20319

Posted 3 months ago

Overview

NuCrest is seeking an Information Assurance Auditor to join our team in Washington, DC.

Description

The Information Assurance Auditor will conduct security control assessments, using the National Institute of Standards and Technology (NIST) Risk Management Framework, the security status of existing information systems with an Authority to Operate (ATO), perform appropriate assessments on any new system developed or deployed by OIG that falls within the scope of this contract, and to ensure continuous monitoring of all systems. Assess systems that have previously been assessed and received an ATO and systems that have not yet been assessed and do not have an ATO.

Responsibilities:

  • Assist in developming a Security Control Assessment (SCA) strategy for the organization; to include an overall assessment process flow or swim-lane diagram which documents the steps required to conduct assessment activities and interact with all necessary parties.

  • Develop, document and review System Rules of Engagement (ROE), Security Assessment Plans (SAPs) and Security Assessment Reports (SARs)

  • Work closely with ISSOs (contractors and Government) and the technical team and ensure all appropriate A&A supporting documentation is provided prior to conducting the assessment.

  • Develop associated schedules and resource plans to complete the assessments.

  • Review and provide feedback system boundaries, common controls, the security categorization of information systems, applicable security control baseline based on system categorization.

  • Review cyber/system/network security body of evidence and documentation for accuracy and completeness

  • Review and provide assurance that applicable security controls are implemented correctly across systems

  • Identify and document the appropriate security assessment level of effort and project management information to include tasks, reviews (including compliance reviews), resources, due dates, and milestones for the system being tested

  • Include an overall assessment process flow or swim-lane diagram which documents the steps required to conduct assessment activities and interact with all necessary parties (including but not limited to: System Owners, CIO, ISOs, IT Support, System Administrators).

  • Conduct Security Assessment Kickoff briefings and SAR briefings

  • Assess implemented security controls and provide assurance that they are operating as intended.

  • Perform independent verification and validation (IV&V) of each system and provide an authorization recommendation based on determination of risk to agency; IV&V will include unprivileged and privileged scans against each applicable system and unprivileged and privileged database scans against each applicable database management system (DBMS).

  • Perform quality control on the assessment and associated deliverables

  • Conduct Post Assessment Meetings with the customer

  • Provide Plan of Action and Milestones (POA&M) management to ensure has mitigated or is working to mitigate all vulnerabilities in a timely fashion and within policies

  • Develop a Continuous Monitoring Plan including a schedule to perform ongoing security assessments once the initial assessments are complete.

  • Perform continuous monitoring to ensure implemented security controls remain functional throughout the lifecycle of the information system.

Required Qualifications:

  • 6+ years expert experience performing security testing, security control assessments, security configuration testing, vulnerability scanning

  • 6+ years of experience with developing and documenting the Rules of Engagements (ROEs), Security Assessment Plans (SAPs), and Security Assessment Reports (SARs)

  • 6+ years of experience and expert knowledge of the FISMA, FIPS, Risk Management Framework, Cybersecurity Framework, other NIST A&A publications, and other IT Security Federal law and regulations.

  • 6+ years of experience utilizing NIST 800-53 and 800-53A

  • Familiar with cloud environments (services/security) and the FedRAMP A&A process.

  • Expert knowledge and skills to perform, document, write the results of the security assessment report. Knowledge of VA and VA OIG IT Security policies/guidance and required templates a plus.

  • Strong experience assessing and providing recommendation on the following: Privacy Impact Assessment, Risk Assessment, System Security Plan, Disaster Recovery / Contingency Plan, and Incident Response Plan.

  • Strong knowledge of the Systems Development Life Cycle (SDLC) and its application in the development of technology solutions

  • Significant experience with tools such as Nessus, Web Inspect, Db Protect and Splunk.

  • Strong technical background with Windows, Unix, legacy systems, databases, web servers/applications, cloud and virtualization environments.

  • Effective verbal and written communication skills with ability to effectively communicate with all levels of users and teammates both written and verbally.

  • Effective technical writing and documentation processing skills.

  • Strong project management, time management,and work sequencing skills.

  • Ability to work on the customer site 2-3 days a week in the DC area and travel to customer sites in Martinsburg, WV; Austin, TX; and Hines, Ill.

Travel

  • Ability to conduct site visits. Site visits could include, but is not limited to, the following locations: Atlanta, GA; Austin, TX; Baltimore, MD; Bay Pines, FL; Bedford, MA; Dallas, TX; Denver, CO; Hines, IL; Kansas City, MO; Los Angeles, CA; San Diego, CA; Seattle, WA; Spokane, WA; Washington, DC
  • Available for occasional travel outside local area (less than 50%)

Minimum Education:

  • BS/BA degree in technology or related cyber security field

Certifications:

  • One of the following certifications: CISA, CISSP, C/EH, GSNA, CAP, CASP, CISM, GSLC. CISSP, CISA, and C/EH preferred

  • All professional certifications and CPE credits must be up to date each year for validation by the customer

Clearance:

  • Public Trust required with at least a favorably-adjudicated Moderate Risk Background Investigation (suitability determination).

Work Core Hours:

  • Eight-hour workday, during the workweek: 8:00 am 5:00 pm ET, Monday through Friday

Company Background:

NuCrest, LLC is a minority-owned Service-Disabled Veteran-Owned Small Business (SDVOSB)/Small-Disadvantaged Business (SDB) based in Anne Arundel County, Maryland focuses on delivering a diverse portfolio of security-focus IT Enterprise Services and Solutions to support the critical missions of Federal and Civic clients. We deliver our services across multiple enterprise platforms, data networks, and cloud environments.

At NuCrest we support our Veterans and encourage all to apply!

NuCrest provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Assurance Security Specialist (Security Clearance)

N-Link

Posted 2 days ago

VIEW JOBS 10/12/2019 12:00:00 AM 2020-01-10T00:00 Company Overview n-Link Corporation was founded in 1995 as a high-end enterprise IT solutions firm attracting high-flying performers to join our company of owners. As a woman-owned small business, the founder created an Employee Stock Ownership Plan (ESOP) in 1999 and 10 years later became 100% ESOP-owned. In 2011, the company was selected as a "Top Small Company Workplaces" by Inc. Magazine and was awarded the prestigious "Innovation Award" by the National Center for Employee Ownership (NCEO). n-Link has also won a place on Inc. Magazine's 500/5000 fastest growing companies list for several years. Responsibilities and Duties * Ensure that all information systems are functional and secure by determining, developing, and implementing enterprise information assurance and security standards and procedures. * Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures. * Identify, report, and resolve network security violations. * Recommend information assurance/security solutions to support customers' requirements. * Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Minimum Requirements * Possess an active Top Secret Security Clearance * Has five (5) or more years of related job experience * Possesses a IAT Level III Certification (i.e., CISSP, CISA, GCIH, etc.) * 3+ years of experience in a SOC environment * Demonstrated experience with McAfee ePO Benefits and Perks n-Link provides competitive benefits to include, Medical, Dental, Vision, 401K and an Employee Stock Ownership Plan (ESOP). N-Link Washington DC

Information Assurance Auditor

Nucrest LLC