Risk Management Engineer
Risk Management Engineer - Vienna, VA
Our client, a SDVOSB Technology Solutions Company specializing in Cloud Computing, Information Assurance, and Mobile solutions has an immediate opening for a Risk Management Engineer for a project with the Department of State. This is a contract to hire role.
• CISSP (desired but not required)
• CAP (must have within 90 days of start)
• Good people skills
• Good technical writing skills
• Strong team player
• Bachelor’ s degree
• Active DoD Secret of higher clearance
Experience in scanning tools (Nesses, WebInspect, etc.)
Able to navigate through server (Linux, Windows, MS SQL Server, Oracle, IIS, etc.)
Ability to analyze risk, create findings, conduct assessments, able to effectively communicate to technical teams (e.g. Developers,
Systems Administrators, DBA, etc.)
Knowledge of Microsoft products (Word, Visio, Project), firewalls, switches, SANs, networking structures, databases, IIS, SDLC, etc.
Ability to learn new automated tools.
The Information Assurance Engineer is responsible for certification and accreditation (C&A) activities for CA' s automated information systems (AIS) and provides C&A support for domestic and overseas deployed systems, as well as assist and advise system and application developers in the design and development of secure systems architecture in accordance with National Institute of Standards and Technology (NIST) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
The Information Assurance Engineer organizes technical working groups and interviews the developers to gather required information (system description, network diagram, data flow, data shared, hardware/software table, points of contact, etc.) to support new system authorization. He/she analyzes production system configuration change requests (CCR) of existing systems to determine security impact and initiates required actions to maintain security posture and accreditation status.
The Information Assurance Engineer develops and updates the following application documentation within the Consular Affairs Certification and Accreditation Management System (CACAMS)? a Comply Vision COTS product:
System Security Plan (SSP) and supporting documents and appendices, Memo Request for Authorization Activities; Security Categorization Form (SCF); E? Authentication Form (eRA); Registration of System in Information Technology Applications Base (ITAB); Privacy Impact Statements (PIA); Contingency Plan (CP); Contingency Plan Test; and Business Impact Analysis (BIA); andDeveloping any other appropriate certification documents such as manuals, guidelines and briefings
The Information Assurance Engineer also coordinates the remediation of Plan of Action and Milestones (POA&M) findings with various groups (including government and operations).
About Catapult Staffing LLC:
Catapult Staffing supports clients in the areas of Engineering and IT, Professional Services, Finance, and Federal Government sectors. We are passionate about matching the right talent for our client, and being an advocate for our talent! Check out our website: www.catapultstaffing.com
We are headquartered in Dallas, TX with offices internationally.