ECS is seeking an Information Assurance Manager to work in our Bethesda, MD office.
ECS is tasked to provide daily support for the Navy Bloodborne Infection Management Center (NBIMC) application and systems that support clinical patient management through inpatient and outpatient care in the field, at hospitals, and branch clinic locations worldwide. NBIMC operates a system called HIV Management Service (HMS) that maintains interoperability with other medical systems. HMS is a certified and accredited distributed internet application with the database and database application residing on a central, dedicated network of servers providing client/server support to selected users.
Conduct Security Engineering, IA, and C&A of DoD and Federal Information Systems, which will include developing security requirements, data gathering, and documenting system security plans, risk assessments, contingency plans, security test and evaluation plans, and security concepts of operations.
Coordinate and perform technical and non-technical certification & accreditation assessments to evaluate compliance with established information assurance policies and regulations according to DoD, NSA, DISA, NIST and other IA related military/federal requirements.
Develop, review, and maintain security policies and standards on commonly deployed systems, such as MS Windows, UNIX/LINUX, routers, switches, firewalls, wireless bridges, wireless intrusion detection systems, databases, web servers and software applications.
Use knowledge of PKI principles to implement and provide guidance regarding PKI implementation including CAC based authentication.
Generate or Review RMF packages.
Provide IA and System Security expertise
Security Engineering guidance
Comprehensive vulnerability and threat analysis
Guidance on IA security solutions
Security assessments (onsite and vendor facility)
Analysis activity providing threat warnings, attack alerts and bulletins
Security engineering services that leverage government and commercial solutions
Review, at least annually, existing IA risk management processes to ensure compliance with DoN/DoD policy.
Ensure continuous review of current threats, vulnerabilities, technologies, and mission changes for impact on organizational risk posture.
Analysis and enhancements of the current Information Assurance Program.
Support the Security Test and Evaluation (ST&E)
Penetration Testing support
Validation of Communication Security (COMSEC) Compliance
System Management Analysis
Performs evaluations and audits of AISs and networks.
Contingency Plan Evaluation and update
Risk Management Review and update
Provides support in the implementation of IA policies in accordance with Federal and DoD AIS security regulations, as well as creating policies based on the effectiveness of existing IA best practices and policies.
Communicates security related IA issues or items of interest affecting the NBIMC; and tests, verifies, and assures that adequate security controls exist within the IT systems supporting the NBIMC.
Provides support and assistance in the implementation of the Information Assurance Vulnerability Alert (IAVA) process within the NBIMC.
Perform vulnerability assessments, and provide results quarterly.
Provides guidance on IA responsibilities and procedures to HMS AIS users and external partners.
Use effective writing and verbal communication skills to advise management on security requirements and information assurance trends and solutions.
Manage multiple projects and deadlines.
Perform other assigned duties as required.
6 – 8+ years of experience
Active Secret security clearance
Extensive knowledge of the Certification and Accreditation (C&A) process within the DHA framework and experience reviewing, advising, and processing RMF packages, to include experience with C&A package submission through eMASS
Certified Information Systems Security Professional (CISSP) designation
Qualified at the IAM Level III for the DoD Information Assurance Workforce, to include Security+
Knowledgeable of RMF and other risk assessment frameworks (e.g., NIST)
Capable of communicating, both orally and in writing, with a wide range of professional contacts
Vulnerability scanning, auditing, assessment, and analysis
Operating system and network knowledge (i.e., Windows Server 2008/2012/2016, Linux, Local Area Networks [LAN] and Wide Area Networks [WAN])
Information security and assurance principles and associated supporting technologies
Application security, database security, and network security
Networking / Firewall Access Control
Linux engineering or Admin Experience
Windows Engineering or Admin Experience
Knowledge of DHS Networks
Knowledge of HIPAA requirements
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 2300+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
To apply for this job please visit the following URL: http://chk.tbe.taleo.net/chk05/ats/careers/requisition.jsp?org=ECS_FEDERAL&cws=1&rid=3949