Information Assurance Engineer
Overview
DecisionPoint is seeking an Information Assurance Engineer to join our team supporting the United States Transportation Command Transportation Financial Management System contract.
The Surface Deployment and Distribution Command (SDDC) is the Army Service Component Command of the United States Transportation Command (USTRANSCOM). The Transportation Financial Management System (TFMS) is the Oracle Financials-based enterprise financial management system solution in use by SDDC as its overall financial and reporting system. The Savantage support team provides technical and functional expertise to the TFMS Program Manager and users to ensure timely monthly and yearly closures of financial activities within TFMS, transition of functional configuration issues to the appropriate staff, and provide development and maintenance of TFMS Interfaces, SDDC Reporting requirements and System Change Requests (SCRs) Support, audit readiness support, Cybersecurity support, and Operational Environment sustainment.
This position is 100% remote.
Duties & Responsibilities
- Provide program specific input for the development of new application security documentation and the updating of existing application security documentation.
- Sustain all TFMS servers, applications, and databases in all operating environments in compliance with the Defense Information Agency (DISA) STIGs.
- Provide updates to existing certification and accreditation documentation, such as artifacts, test result, major and minor modification documents, network diagrams, ports and protocol matrix, topology diagrams, vulnerability scans, application certification package created during release cycle, and other existing documentation.
- Remediate the applicable DoD Security Authorization Decision conditions (conditional Authority to Operate (c/ATO))
- Provide basic Virtual Machines (VMs), Virtual desktop (VDI), or other access to the required non-Production environments.
- Maintain all source code and design artifacts.
- Provide FIAR security audit artifacts.
- Sustain accurate Risk Management Framework (RMF) documentation.
- Completed and validate STIG/SRG checklists for RMF, quarterly.
- Provide RMF ATO Artifacts, RMF Financial/Privacy Overlay,
- Support data cleansing activities to ensure test and development data are not from production and do not contain sensitive information.
- Perform code scans of staging, production, and other environments, as needed.
- Sustain the scanning tool and run scans, mitigate findings, and confirm clean scans prior to subsequent codes release.
- Track and report on all security issues uncovered during the software lifecycle.
- Complete monthly application STIG status reporting and POA&M updates
- Ensure associated risks are evaluated, documented, and reported along with risk mitigation and recommend course of action.
Qualifications
- Active Secret Clearance required.
- Associates or Bachelors with up to 5 years related work experience.
- Experience with IA tools such as: Nessus, Splunk, and Fortify SCA.
- Information Assurance Management (IAM) Level I certification such as Security+.
Our Equal Employment Opportunity Policy
- EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
- Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
- Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.