15 days old

Sr. Info Assurance Engineer/STIG/DIACAP/SCA/RedHat

Lockheed Martin
Manassas, VA
This position is for an Information Assurance Professional in the Rotary & Mission Systems Engineering and Technical organization, located in Manassas, VA. The Information Assurance Professional will be responsible for designing, developing, and implementing security controls to preserve the confidentiality, integrity and availability of information systems. Play a key role in integrating security configuration procedures and tools on Linux platforms with minimal assistance. This includes evaluating requirements, selecting/implementing security controls, creating and/or reviewing installation procedures, conducting verification and validation of test procedures and script changes, tailoring and configuring security controls for specific product use, tailored platform hardening, application of application software and/or Operating System vulnerability patches, overall security assessment plan preparation, test procedure preparation, test execution and reporting, performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration. Identify issues and recommend solutions for integration by the Operating System team and/or software development team.
Perform Static Code Analysis (SCA) on the software code base and work collaboratively with software developers to remedy any code that reflects a weak security posture or deviates from secure coding best practices.
Collaboration with other key stakeholders such as the customer, program management, integrators and testers on the platform security will be required to improve the overall security posture. Act in a supporting role as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Support project schedule management, earned value management, and basis of estimate (BOEs) preparation. Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls. Adhere to IT security guidance specific to the systems in support of federal mandates and system missions. Provide security engineering leadership and expertise in assisting with the development and delivery of security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Perform certification and accreditation activities with various government authorities and certification agents to obtain and maintain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems. Participate in architecture, design and code reviews and provide secure coding guidance and input to the software development team.
The Information Assurance Engineer Senior will provide security control guidance to the customer that is in compliance with the Risk Management Framework (RMF).

Basic Qualifications
1. Minimum of current Secret clearance to start.
2. Bachelor's degree from an accredited college in a related discipline, or equivalent experience/combined education, with 5 years of professional experience; or 3 years of professional experience with a related Master's degree
3. Experience in RedHat Linux as a very competent user (i.e., knowledgeable of some UNIX admin commands and functions)
4. Knowledge of remediation methods using various cyber security controls for systems and networks
5. Understanding of the Certification and Accreditation process
6. Prior experience working with the DISA Security Technical Implementation Guide (STIG)
7. Understanding of secure coding best practices and approaches to applying defensive security techniques
8. Experience applying hardening to the system to improve the overall security posture.
9. Experience working with System Administrators and/or System Integrator applying software patches to the system (i.e., patch management duties)
10. Strong verbal and written communication skills

Desired skills
1. Experience with or knowledge of the Risk Management Framework (RMF) and the DOD Information Assurance Certification & Accreditation Process (DIACAP) methods
2. Software development experience in Java, JavaScript or C++ and/or system administration experience in RedHat Linux
3. Experience using automated Static Code Analysis (SCA) tools along with manual code review
4. Knowledge of DBMS and SQL (i.e. Oracle Database, MySQL, MariaDB)
5. Knowledge of OpenLDAP Directory Services and Domain Name Server (DNS)
6. Understanding of encryption concepts. Ability to communicate secure coding concepts and identify potential software defects/flaws
7. Knowledge of Web Servers / Services (i.e. Apache HTTP/S, Apache and Tomcat) and web applications
8. Familiarity with using Bash/Shell to produce hardening scripts and working knowledge of system scan analysis tools such as SCAP and ACAS to identify system vulnerabilities
9. Risk Management Framework planning and implementation working experience is considered a plus
10. Experience in application and OS hardening using Ansible or Puppet modules or an equivalent hardening technique (e.g., shell scripting, file overlays, package management, etc.)
11. Cross-Domain Guard experience is considered a plus
12. CISSP certification or the pursuit thereof is a plus
13. The ability to work independently without much peer guidance

As a leading technology innovation company, Lockheed Martin’s vast team works with partners around the world to bring proven performance to our customers’ toughest challenges. Lockheed Martin has employees based in many states throughout the U.S., and internationally, with business locations in many nations and territories.

Join us at Lockheed Martin, where we’re engineering a better tomorrow.

Lockheed Martin is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Job Location(s): Manassas Virginia
