Decision Point
Information Assurance Engineer
Decision Point, Boise, Idaho, United States, 83708
ID: 2024-2688
Job Locations: US-ID-Boise
Category: Information Technology
Type: Regular Full-Time

Overview

DecisionPoint is seeking an experienced Information Assurance Engineer to provide cybersecurity expertise to system owners, develop and update technical documents such as system security plans, policies, plans and procedures, and perform project management activities in accordance with NIST SP 800-37 and the USBR Cybersecurity Program Policy for the Bureau of Reclamation's (BOR) Columbia Pacific Northwest (CPN) region in Boise, ID. The successful candidate will work closely with federal staff, providing technical guidance on matters related to cybersecurity posture, and ensuring that cybersecurity controls are implemented according to applicable documentation.

On Tuesdays the work location will be the CPN Regional Office in Boise, Idaho, 1150 North Curtis Road, Suite 100, Boise, ID 83706-1234. Work will be performed within the hours of 8:00 am - 5:00 pm during irrigation season and 7:00 am - 4:00 pm during the off season. Work on all other days may be performed remotely. Please note that 25% travel is required.

Duties & Responsibilities

Lead in the completion of Internal Control Reviews (ICR) and other security assessments.
Review and maintain System Security Plan(s) (SSP) and related security information (SSP, FIPS 199, CP, CP Test, IR Plan, IR Test, CM Plan, RAR, SAP, SAR, etc.) in accordance with required timeframes to ensure content is applicable, accurate, and in compliance with current security standards.
Develop and maintain recorded implementation statements for all applicable security controls.
Identify situations requiring POA&M(s) and track their resolution, working closely with system personnel.
Assess the security impact of configuration changes to the system, evaluating cost-effective security alternatives, and recommending security-related solutions.
Review change requests and identify the impact to security resulting from the proposed change.
Assist in the development and maintenance of system-level information cybersecurity plans and procedures.
Serve as an advisor to the information owner on all matters, technical and otherwise, involving cybersecurity posture.
Assess the cybersecurity impact of configuration changes to the system, evaluating cost-effective security alternatives, and approving security-related solutions.
Participate in Change Control Board, review change requests, identify the impact to security resulting from the proposed change, approve or deny change requests, and ensure change control procedures are followed.
Complete Security Impact Analysis for changes with significant impact.
Ensure that the appropriate operational cybersecurity posture is maintained, and cybersecurity controls are implemented according to applicable documentation.
Ensure Continuous Monitoring reports are received regularly and according to schedule.
Review reports thoroughly with a cybersecurity mindset.
Provide proactive and reactive support for cybersecurity incidents.

Qualifications

Ability to obtain a Public Trust Clearance.
Bachelor's degree in Computer Science, Information Systems, or related field.
Minimum of 5 years of experience creating FISMA-related activities (or similar) to include system security plans, contingency plans, incident response plans, configuration management plans, security control requirements and assessments, Plan of Action and Milestones (POA&M), and training requirements.
Ability to obtain ITILv4 Foundations certification.
Experience in applying NIST principles outlined in the following special publications (or similar), interpreting requirements, and developing implementation guidance.
NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems
NIST SP 800-30, Guide for Conducting Risk Assessments
NIST SP 800-34, Contingency Planning Guide for Federal Information Systems
NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans
NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-60, Guide for Mapping Types of Information and Information Systems to Security Categories
NIST FIPS 199, Standards for Security Categorization of Federal Information and Information Systems

Experience with performing information system continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the security requirements.
Experience gathering and organizing information for the preparation of system documentation to include system plans and standard operating procedures into clear, readable documentation for technical and non-technical personnel.
A general understanding of Operational Technology (OT), Industrial Control Systems (ICS), and SCADA, including the cybersecurity challenges faced in these environments.
Strong written and verbal communication skills.

Our Equal Employment Opportunity Policy

EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer.
It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.

Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.