Information Assurance Engineer II
Indexed description
Responsibilities
- Support the full RMF lifecycle for assigned systems, including development, update, and maintenance of security documentation required to obtain and sustain ATO.
- Prepare and maintain RMF artifacts such as System Security Plans (SSPs), POA&Ms, security control documentation, and related evidence within repositories such as eMASS .
- Validate, document, and support implementation of DISA STIGs and Security Requirements Guides (SRGs) across operating systems, applications, databases, and network devices.
- Execute and support vulnerability management activities, including review of scan results from tools such as ACAS/Nessus, analysis of findings, and coordination of remediation efforts.
- Track identified security findings through POA&M management, ensuring issues are documented, prioritized, and resolved in a timely manner .
- Implement and support continuous monitoring strategies to verify that deployed systems remain compliant and that security controls continue to operate effectively.
- Review system audit logs, compliance reports, and security events to identify anomalies, potential risks, and areas requiring corrective action.
- Support security auditing and assessment activities by preparing artifacts and evidence for internal reviews, external inspections, and Security Control Assessor (SCA) evaluations.
- Coordinate with technical teams to resolve compliance discrepancies and strengthen system security posture.
- Establish and satisfy complex system-wide information security requirements based on analysis of user needs, policy requirements, regulatory mandates, and available resources.
- Support development and implementation of information assurance doctrine, policies, standards, and procedures for government and commercial common-user systems, as well as specialized purpose systems requiring enhanced security features.
- Provide guidance to stakeholders and team members on cybersecurity compliance requirements and best practices.
- May lead and direct the work of others and provide status updates to leadership, supervisors, or program managers.
- Bachelor’s degree in Cybersecurity, Information Technology, Information Assurance, Computer Science, or a related field
- Active Secret Clearance Required
- 5+ years of relevant experience in information assurance, cybersecurity, RMF, compliance, or a related field.
- Demonstrated experience supporting the RMF process and preparing or maintaining ATO packages.
- Experience working with eMASS or similar compliance/documentation repositories.
- Knowledge of DISA STIGs, SRGs, and security compliance practices across infrastructure and application environments.
- Experience with vulnerability scanning and analysis tools such as ACAS/Nessus.
- Familiarity with POA&M management, remediation tracking, and continuous monitoring practices.
- Experience supporting security assessments, audit readiness, and control validation activities.
- Strong understanding of cybersecurity principles, risk management, and regulatory compliance requirements.
- Ability to analyze complex security requirements and apply them across enterprise and specialized systems.
EEO Statement
EEO Race/Sex/Disability Status/Veteran Status
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search