Our Customer is seeking an experienced Information Assurance Engineer to provide cybersecurity expertise to system owners, develop and update technical documents such as system security plans, policies, plans and procedures, and perform project management activities in accordance with NIST SP 800-37 and the USBR Cybersecurity Program Policy for the Bureau of Reclamation’s (BOR) Columbia Pacific Northwest (CPN) region in Boise, ID. The successful candidate will work closely with federal staff, providing technical guidance on matters related to cybersecurity posture, and ensuring that cybersecurity controls are implemented according to applicable documentation.
Work will be performed within the hours of 8:00 am – 5:00 pm during irrigation season and 7:00 am – 4:00 pm during the off season.
Essential Functions, Responsibilities & Duties may include, but are not limited to:
- Lead in the completion of Internal Control Reviews (ICR) and other security assessments.
- Review and maintain System Security Plan(s) (SSP) and related security information (SSP, FIPS 199, CP, CP Test, IR Plan, IR Test, CM Plan, RAR, SAP, SAR, etc.) in accordance with required timeframes to ensure content is applicable, accurate, and in compliance with current security standards.
- Develop and maintain recorded implementation statements for all applicable security controls.
- Identify situations requiring POA&M(s) and track their resolution, working closely with system personnel.
- Assess the security impact of configuration changes to the system, evaluating cost-effective security alternatives, and recommending security-related solutions.
- Review change requests and identify the impact on security resulting from the proposed change.
- Assist in the development and maintenance of system-level information cybersecurity plans and procedures.
- Serve as an advisor to the information owner on all matters, technical and otherwise, involving cybersecurity posture.
- Assess the cybersecurity impact of configuration changes to the system, evaluating cost-effective security alternatives, and approving security-related solutions.
- Participate in Change Control Board, review change requests, identify the impact to security resulting from the proposed change, approve or deny change requests, and ensure change control procedures are followed.
- Complete Security Impact Analysis for changes with significant impact.
- Ensure that the appropriate operational cybersecurity posture is maintained, and cybersecurity controls are implemented according to applicable documentation.
- Ensure Continuous Monitoring reports are received regularly and according to schedule. Review reports thoroughly with a cybersecurity mindset.
- Provide proactive and reactive support for cybersecurity incidents.
Work Experience, Knowledge, Skills & Abilities:
- Ability to obtain a Public Trust Clearance.
- Bachelor’s degree in Computer Science, Information Systems, or related field.
- Minimum of 5 years of experience creating FISMA-related activities (or similar) to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
- Ability to obtain ITILv4 Foundations certification.
- Experience in applying NIST principles outlined in the following special publications (or similar), interpreting requirements, and developing implementation guidance:
- NIST SP 800-18, Guide for Developing Security Plans for Federal Information
- NIST SP 800-30, Guide for Conducting Risk Assessments
- NIST SP 800-34, Contingency Planning Guide for Federal Information Systems
- NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
- NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
- NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
- NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories
- NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
- Experience with performing information system continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the security requirements.
- Experience gathering and organizing information for the preparation of system documentation to include system plans and standard operating procedures into clear, readable documentation for technical and non-technical personnel.
- A general understanding of Operational Technology (OT), Industrial Control Systems (ICS), and SCADA, including the cybersecurity challenges faced in these environments.
- Strong written and verbal communication skills.
VIATEQ provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.