The Information Assurance Engineer provides subject matter expertise to client’s system development projects. They are responsible for advising teams on security best practices, regulations, and requirement. They assist project teams in maintaining an appropriate security posture and attaining appropriate security authorizations and approvals
*Must be U.S. Citizen
• Review proposed new systems, networks, and software for potential security risks
• Review security related product selection and implementation activities
• Define the scope and level of detail for security plans applicable to the system
• Identify need for changes based on new security technology and evolving threats
• Analyze change requests to the system for security posture impact/updates
• Have experience in and Support the Organizational Assessment & Authorization (A&A) process for existing and new systems
• Identify & generate Security Artifacts for A&A
• Review and recommend approval of systems FIPS 199, FIPS 200, and E-Authentication
• Prepare and provide System Security Plan for the system
• Coordinate Security Test and Evaluation events between involved stakeholders
• Participate in Security Test and Evaluation process and review ST&E report
• Perform Vulnerability Assessment review and generate reports for System Owner and stakeholders
• Assess known systems vulnerabilities and verifying system hardening and patching activities to ensure compliance with applicable Security Requirements and related checklists
• Ability to interface with customers of various levels, to include but not be limited to Program Management Office (PMO), Authorizing Officials, Information System Owners, Independent Security Assessment Team and Technical system personnel
Excellent verbal/written communication skills
• Excellent interpersonal skills
• Able to work in a team environment
• Understanding of Systems Engineering requirements and specifications
• Able to demonstrate experience implementing Federal A&A Processes, assessing, and validating compliance with security controls and developing and maintaining associated documentation.
• Have detailed knowledge of the latest versions of the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, etc.
• Have experience with identification, documentation, and testing of security controls for information technology systems in accordance with the above NIST guidance
• Have experience with identification of security risks (threat/likelihood/impact) to the system, networks, and organization and documenting risks for management review
• Have experience with the System Development Life Cycle (SDLC) and the activities associated within each phase.
• Knowledge of NOAA/NESDIS a plus.
• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various operating systems (e.g. Windows, Unix, Linux, and Mac)
• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various applications (e.g. Oracle, SQL Server, Apache, IIS)
• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of network devices (e.g. switches, routers, firewalls)
• Have experience with analyzing vulnerabilities and providing guidance on secure architecture design of various applications (e.g. internal-only, publicly available)
• Experience serving as an ISSO for a federal government system is a plus
• Experience conducting cybersecurity audits of Federal Systems to ensure appropriate implementation and security compliance
• Working knowledge of cyber security toolsets
Bachelor’s degree or higher in Computer Science, Information Systems, Engineering, Information Technology, or other related discipline from an accredited college or university or equivalent work experience.
EEO Compliance:
Ryde Technologies is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Ryde Technologies will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.
