Information Assurance Engineer / Information System Security Officer (IA Engineer/ISSO)

Onyx Consulting Services

Washington, District of Columbia

JOB DETAILS
SKILLS
Amazon Web Services (AWS), Analysis Skills, Authentication, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, CompTIA Security+, Computer Science, Computer Security, Cross-Functional, Cryptography, Customer Service Systems, Customer Support/Service, Enterprise Protection, External Audit, FISMA - Federal Information Security Management Act, Federal Compliance Regulations, Federal Government, Firewalls, GIAC - Global Information Assurance Certification, Government, Identity Data Management, Incident Response, Information Technology & Information Systems, Information Technology Consulting, Information/Data Security (InfoSec), Internal Audit, Internet Security, Intrusion Detection Systems, Intrusion Detection and Prevention (IDP), Intrusion Prevention Systems, Leadership, Maintain Compliance, Microsoft Windows Azure, Operational Support, Operations Security (OPSEC), Organizational Skills, Presentation/Verbal Skills, Problem Solving Skills, Protective Services, Risk Management Framework (RMF), Secret Clearance, Security Analysis, Security Architecture, Security Clearance, Security Information and Event Management (SIEM), Security Monitoring, Software Engineering, System Lifecycle, System Operations, Systems Engineering, Team Player, Test Plan/Schedule, U.S. National Institute of Standards and Technology (NIST), United States Department of Defense (DoD), Writing Skills
LOCATION
Washington, District of Columbia
POSTED
5 days ago
Overview
Onyx is seeking experienced Information Assurance Engineers/Information System Security Officers (IA Engineer/ISSOs) to support a Federal Government customer. The IA Engineer/ISSO is responsible for ensuring the confidentiality, integrity, and availability of customer information systems by designing, implementing, and managing security controls that protect critical government assets.
This role works closely with system owners, engineers, security professionals, and program leadership to maintain compliance with federal cybersecurity requirements while supporting secure system operations throughout the system lifecycle.
Covered Labor Categories
Senior IT Consultant (Senior Cloud ISSO / Senior Security Engineer)
  • Experience: 10+ years
  • Certification: CISSP or equivalent certification
Key Responsibilities
Policy and Governance
  • Support the development and maintenance of cybersecurity policies, standards, procedures, strategies, and communications supporting the customer's mission.
  • Ensure security services are performed in accordance with:
    • NIST SP 800-37
    • NIST SP 800-53
    • Federal Information Security Modernization Act (FISMA)
    • Organization-level policies, directives, and guidelines
Security Architecture & Implementation
  • Design and implement security controls that protect information systems, applications, and networks.
  • Develop security architectures, policies, standards, and procedures aligned with federal cybersecurity requirements.
  • Support secure cloud and on-premises environments.
Security Assessments & Compliance
  • Conduct security assessments and vulnerability reviews of information systems.
  • Identify security weaknesses and recommend mitigation strategies.
  • Ensure compliance with applicable federal standards, including:
    • NIST
    • FISMA
    • FedRAMP
  • Collaborate with stakeholders to remediate identified findings.
Incident Response
  • Participate in cybersecurity incident response activities.
  • Assist in developing and testing incident response plans and playbooks.
  • Support investigation and resolution of security incidents.
Continuous Monitoring
  • Monitor security tools, system logs, and network activity to identify suspicious behavior.
  • Analyze alerts and security data for indicators of compromise.
  • Support ongoing continuous monitoring activities.
  • Assist with internal and external cybersecurity audits and remediation efforts.
POA&M Management
  • Develop, maintain, and report Plans of Action and Milestones (POA&Ms).
  • Track remediation efforts through completion.
  • Provide status updates to customer leadership.
Required Qualifications
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
  • Minimum experience requirements:
    • Senior Cloud ISSO / Senior Security Engineer: 10+ years
  • Relevant cybersecurity certifications such as:
    • CISSP
    • CAP
    • CISM
    • CISA
    • CompTIA Security+
    • GIAC certifications
    • Equivalent DoD-approved certifications
  • Demonstrated experience supporting information security programs within Federal Government or other highly regulated environments.
  • Strong knowledge of:
    • NIST Risk Management Framework (RMF)
    • NIST SP 800-37
    • NIST SP 800-53
    • FISMA
    • FedRAMP
  • Experience with enterprise security technologies, including:
    • Firewalls
    • Intrusion Detection/Prevention Systems (IDS/IPS)
    • Security Information and Event Management (SIEM)
    • Encryption technologies
    • Identity and Access Management (IAM)
    • Authentication protocols
  • Excellent analytical, problem-solving, and organizational skills.
  • Strong written and verbal communication skills.
  • Ability to work effectively in a collaborative, cross-functional environment.
Clearance Requirements
  • Active Public Trust clearance required.
  • Ability to obtain and maintain a Secret security clearance.
Preferred Qualifications
  • Experience supporting cloud security initiatives within AWS, Azure, or Microsoft Government Cloud environments.
  • Experience supporting Authorization to Operate (ATO) packages and RMF lifecycle activities.
  • Experience using Enterprise Mission Assurance Support Service (eMASS).
  • Experience with Security Control Assessments (SCAs).
  • Knowledge of vulnerability management tools and continuous diagnostics and mitigation (CDM) practices.

About the Company

Onyx Consulting Services

KMS Consulting Services, a business and technology consulting firm, is committed to providing high quality, cost-effective consulting services to businesses in a wide range of industries. Founded in 1994, KMS specializes in the planning, design, implementation, training and support of collaboration, social, and communications tools, focusing on process efficiencies and business solutions. 

COMPANY SIZE
1 to 9 employees
INDUSTRY
Computer/IT Services
FOUNDED
1994
WEBSITE
http://kmssolutions.com/