Job Title: Senior/Intermediate Information Assurance Engineer
Location: Denver, CO
These positions are challenging roles in a multi-contractor team supporting a fast-moving program for multiple customers and/or projects. Multiple positions are available. In this role, you will execute tasks and support for the DevSecOps teams on various mission services projects. This task requires expertise in Information Assurance Security Engineering and A&A; you need to be the go-to person. Establishing a track record of reliability and trust with team members and security stakeholders is crucial. As part of the LP3 team, occasional consulting on other projects as well as RFI and proposal support are also required.
The IA engineer shall perform, review, and conduct hardening as well as technical security assessments on cloud and on-premise computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations; and recommends mitigation strategies to the team.
· Validates and verifies system security requirements definitions and analysis and establishes system security designs for controls.
· Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
· Builds IA into systems and services deploying into operational environments at multiple classification levels
· Assists architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.
· Enforces the design and implementation of trusted interfaces among external systems and architectures.
· Assesses and mitigates system security threats/risks throughout the program life cycle.
· Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
· Reviews A&A documentation, providing feedback on completeness and compliance of its content. Develops and executes Security Test Plan (STP) in close cooperation with team members.
KEY SUCCESS ATTRIBUTES:
- Strong host security background in Windows and linux
- Strong network engineering and security background
- Virtualization, SCCM, WSUS, and patching experience
- Strong knowledge and experience with NIST 800-53 and associated security controls implementation and verification
- Outstanding communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels
- Scanning systems and assisting the team in remediating vulnerabilities
- Ability to communicate effectively with senior management in government and contractor teams
- Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders
- Hands-on experience scanning and hardening servers, workstations, and network systems and assisting the team in remediating vulnerabilities
- Ability to plan, design, and implement secure solutions
- Ability to effectively communicate and advocate key security requirements and control implementation to a development team
The ideal person for this role is flexible, experienced, technically capable, self-motivated, and can effectively influence others to deliver the right solution for the customer. Creativity, personal backbone, and IT security experience are required. Assessment & Authorization (A&A) experience is required to be successful in this position. A mix of professional relationship skills and technical skills are required in this role. It will be an interesting mix of tasks from day-to-day.
Occasional, short day trips to other CONUS/OCONUS customer facilities may be required 2-3 times per year.
- TS/SCI (SCI access within the last 2 years)
- Knowledge of NIST 800-53 security requirements
- Experience in system hardening on Windows and Linux systems
- Networking experience
- Bachelor's degree (or equivalent experience depending on position)
- 5+ years minimum experience in Information Assurance positions
- Experience working in a team environment on similar tasks
- IT security training in various disciplines
- DoD 8570 certification (IAM-II or IAM-III)
Strongly desired qualifications/skills:
- Strong Windows administration, patching, and network management experience
- Experience with ICD-503 A&A processes in government customer environments
- Experience working on and supporting classified networks
- Security architecture, engineering, and A&A experience
- Experience with System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, Plan of Action & Milestones
- Experience with ACAS and other scanning tools
- Virtual host experience with VMWare or Hyper-V
- Firewall experience
- Enterprise audit logging experience
- Security architecture and engineering experience
- Bachelor’s or Master’s degree in IA/Cyber Security/Computer Science
- Advanced IT certifications--technical certifications such as CISSP, RHCE, CCIE, SANS, etc.
This position is offered by LP3. LP3 is an innovative company delivering Information Assurance consulting expertise to DoD and IC customers. LP3 is an Equal Opportunity Employer. We hire VETS!
If you are cleared, qualified, and interested in this opportunity please email a detailed technical resume to: careers@LP3.com
LP3 is an innovative small company delivering Information Assurance consulting expertise to DoD and IC customers. LP3 is a proven leader in cyber security services nationwide, providing our customers with solutions tailored to meet rapidly evolving IT and cyber security needs. Our depth of knowledge and experience gained protecting our Nation's IT infrastructure over the past decade allows us to offer the highest caliber of IT and security services to our corporate clients. At LP3, we consider our people our most valuable asset. We are committed to providing an environment that fosters growth, respect, and integrity. As an employee of LP3, you will be empowered to contribute and make a difference on day one.
Compensation Comments: Compensation is dependent on experience levels and the rates available to us on various contracts. LP3 makes offers to people based on their experience, attitude, and their fit for a particular contract.