TeraThink is an exceptionally nimble, resourceful team of information technology and management consultants that’s purpose-built to help our clients drive real, rapid progress and make smart, sustainable improvements that lead to less stress and greater operational success. Founded in 2002, TeraThink has celebrated 15 years of successful delivery of innovative and quality services to the Federal Government. We have made great strides in our industry growing north of $50M in revenue and employing over 220 people. Our company has been recognized four times on Washington Technology’s Fast 50 List, seven consecutive years on Inc. 500/5000, and most recently named to the Virginia Chamber of Commerce Fantastic 50 for the third time.
To this end, we are actively seeking an Information Security/Risk Management Framework (RMF) Systems Engineer for our team engaged with a Federal Client in Reston, VA.
Candidates will be a part of a system engineering team responsible for supporting a DoD client’s Program Management Office (PMO) with preparing packages for and obtaining an Authority to Operate (ATO). This team will be responsible for leading a tightly coordinated effort with senior government agency personnel and stakeholders on a highly visible DoD program. Candidates will apply the Risk Management Framework (RMF) to achieve the ATO and execute tasks associated with DoD information assurance accreditation actions. The team will focus on executing accreditation tasks related to RMF, technical artifacts, ACAS scans, DISA STIGs, and POA&Ms. A large part of this effort will be the development of technical artifacts that adhere to TeraThink and government quality standards.
Responsibilities and tasks include but are not limited to:
- Authoring detailed RMF artifacts and technical security documentation such as Security Plans, Configuration Management Plans, COOP Plans, Data Flow Diagrams, System Key and System Maintenance SOPs, Continuous Monitoring Plans, POAMs, and Vulnerability Management Plans.
- Supporting the execution of ACAS scans and reviewing STIG checklists.
- Designing and documenting system architecture for an information system.
- Supporting technical risk and vulnerability assessments for accreditation.
- Assisting with risk assessment reports for submission to designated accrediting officials.
- Documenting and tracking Plans of Action and Milestones (POA&Ms) for all accepted risks identified during C&A processes.
- Developing and delivering technical information required for verification of security compliance.
- Testing and implementing security controls on systems in accordance with directives.
- Serving as a client liaison and participating in meetings to ensure customer requirements are met.
- Must be a U.S. citizen, per contract requirements
- Must be able to obtain and maintain a DoD security clearance; prefer candidates with an active clearance
- 5-10 years’ experience in system engineering and information security disciplines (e.g., IA, InfoSec, & C&A)
- BA/BS degree in information security, computer science, or related technical field is preferred.
- Professional certifications required for 8570 compliance, such as Security+, CISSP, CASP
- Strong technical experience and knowledge of information security/information assurance principles, performing IA and C&A development tasks, and applying relevant industry security standards, policies, and procedures
- Expertise in completing security control validation and assessment of an information system to address threats and vulnerabilities
- Experience with large enterprise systems in a DoD environment
- Experience writing detailed technical security documentation such as Security Plans, Configuration Management Plans, COOP Plans, Data Flow Diagrams, System Key and System Maintenance SOPs, Continuous Monitoring Plans, POAMs, and Vulnerability Management Plans
- Expertise in applying the guiding DoD policy documents related to RMF and security (e.g., DoDI 8500.01, DoDI 8510.01)
- Experience with DISA auditing tools and eMASS data entry requirements
- Experience with CGI’s Momentum ERP solution is preferred
- Must be capable of working independently and using the available resources to identify and present work products and deliverables
- Must be capable of communicating ideas clearly, both orally and in writing, to the customers and technical resources
We wish to thank all applicants for their interest and effort in applying for this position; however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
TeraThink is committed to a policy of equal employment opportunity. We recruit, employ, train, compensate, and promote without regard to race, ancestry, color, sex, religion, age, national origin, citizenship status, disability, protected veteran status, marital status, sexual orientation or perceived sexual orientation, gender identity, familial status, political affiliation, or any other classification protected by state or federal law.