Information Assurance Specialist

• Support the security assessment of globally deployed departmental systems through hands-on execution of customer-supplied tools and best-practice techniques, including manual and automated verification scans against defined component baselines.
• Assist with determining the security and configuration status of a variety of system components including SQL Server and Oracle databases. There are occasional “one-off” components requiring development of baseline security configurations, hence technical curiosity and a desire to learn and innovate are beneficial.
• For Assessment & Authorization purposes, validate the components and configurations of departmental systems deployed both globally and domestically.
• Identify misconfigurations, non-compliances, and anomalies which are relevant to FISMA assessment practices. Coordinate system assessment and findings to the Security Analyst for inclusion in Security Assessment Report and participate in findings meetings with relevant system stakeholders.
• Using the NIST Risk Management Framework and the NIST 800-53 security control catalog, map system and configuration anomalies to specific NIST security controls, along with specific recommended remediation. Write accurate, cogent and defensible descriptions of security configuration status as well as succinct and defensible suggested remediation.

• Bachelor's degree with 3-5 years' experience; experience in lieu of degree is acceptable
• SQL Server and Oracle environment familiarity
• Nessus experience
• NIST and Risk Management Framework (RMF) familiarity and use

• Prior Department of State experience
• Application security principles and experience
• Knowledge of cloud migrations/assessments or PKI-DAR (data at rest), or general services support typical of completing RMF type assessments

• Clearance Level SECRET (Required to Start)

By Light Professional IT Services