REQ#: RQ73021 NCIS Information Assurance Engineer (Open)
Travel Required: None
Public Trust: None
Requisition Type: Regular
Join GDIT and be a part of the team of men and women that solve some of the world’s most complex technical challenges. The NCIS program is searching for an Information Assurance Engineer to join their team in Quantico, VA.
The IAE will be required to acquire a Navy-Qualified Validator certificate within 180 days of start.
The Naval Criminal Investigative Service (NCIS) is an organization of over 2,000 personnel of which 700 serve at HQ and the remaining staff serve at offices worldwide. NCIS is the Department of Navy (DON) component with primary responsibility for criminal investigation, law enforcement (LE), counter-terrorism (CT), counterintelligence (CI), and cyber matters. NCIS not only has primary responsibility for all criminal investigative, CI, CT, and cyber matters within the DON, but it also has exclusive investigative jurisdiction in non-combat matters involving actual, potential, or suspected criminal, terrorism, sabotage, espionage, and subversive activities.
NCIS provides the DON with threat status and warnings associated with terrorist, criminal, cyber, and counterintelligence activity throughout the world. NCIS is the only DON organization that has the information and responsibility to fuse and analyze the national intelligence and law enforcement information necessary to provide these warnings.
The Information Technology Directorate (ITD) supports the NCIS core mission areas to investigate and defeat criminal, terrorist, and foreign intelligence threats by planning for and providing services through appropriate use of the people, equipment, technology, and infrastructure resources of the United States Navy and Marine Corps.
Establishes and satisfies system-wide information security requirements based on analysis of user, policy, regulatory, and resource demands.
Supports the Government Information Assurance (IA) Managers in the development and implementation of IA doctrine and policies.
Provides mentorship and guidance in the development, design and application of solutions implemented by IA team members.
As an Information System Security Engineer (ISSE), performs categorization, security control tailoring, perform STIG, ACAS and Assessment Procedure control implementation, and performs continuous monitoring on Risk Management Framework (RMF) Assessment and Authorization (A&A) packages; registers systems in eMASS/XACTA; prepares and submits POA&Ms to eMASS/XACTA; coordinates remediation/mitigation of POA&M findings; prepares and submits approved Baseline Changes; verifies configuration changes and modifications are performed and tested for compliance; assesses Ports, Protocols and Services (PPS) registrations; assesses authorization boundary and dataflow diagrams for traceability to hardware lists and PPS; performs any other cybersecurity duties as needed to maintain eMASS/XACTA Authorizations to Operate (ATOs) artifacts to ensure all assigned A&A packages are maintained in a compliant status.
As a Navy Qualified Validator (NQV), performs assessment and validation of A&A packages; validates STIGs, ACAS scans and Assessment Procedure (AP) controls; prepares Summary Security Assessment Report (SAR Summary); prepares and implements Security Assessment Plans (SAP); coordinates with the Security Control Assessor as needed; and assists and advises team members with RMF package preparation.
Reviews system engineering documentation, CONOPS, installation and configuration specifications to determine security requirements and to identify security concerns.
Prepares briefing slides, status charts and support documentation as presentations for the client.
Must have experience with using public key-based technologies for applications.
BS degree; additional years of experience may be considered in lieu of degree
10+ years of progressive experience in Information Systems Security Engineering (Information Assurance).
Strong background in applying information systems security engineering, security services, mechanisms, threat mitigations, and lessons learned from attack scenarios.
Experience preparing RMF authorization packages.
Trained and experienced using Assured Compliance Assessment System (ACAS), Enterprise Mission Assurance Support Service (eMASS), and STIG Viewer.
Must acquire a Navy-Qualified Validator certificate within 180 days of start.
Secret clearance; must be eligible to obtain Top Secret with SCI-level adjudication
Completed Navy RMF training
Experience preparing Navy Authorization Packages
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.