Information Assurance Analyst
SRC, Inc. is currently seeking an Information Assurance Analyst in Chantilly, VA. The selected individual will lead the ICD 503 assessment and authorization effort for the key management infrastructure.
SRC, Inc., a not-for-profit research and development company, combines information, science, technology and ingenuity across our family of companies to deliver innovative, advanced defense solutions and products that are redefining possible®. Since 1957, our commitment to the customer and the best solution – not the bottom line – has remained a core value that guides our efforts. This passion for quality carries through to the technologies we invent and manufacture, the laboratories and facilities we build, the people we hire, and the communities we support.
At SRC, we provide you the freedom and the resources to solve “impossible” problems in a collaborative work environment that integrates research, development and manufacturing. We strive to proactively identify and eliminate barriers that prevent our employees’ full participation and are committed to ensuring an inclusive and equitable workplace for all our employees. When you join our team, you’ll be a part of something truly meaningful. You’ll join more than 1,300 engineers, scientists and professionals — with 20 percent of those employees having served in the military — helping to keep America and its allies safe and strong.
In return, you’ll enjoy an inclusive work environment, receive a competitive salary, and experience a comprehensive benefits package that includes four or more weeks of paid time off to start, 10 percent of an employee’s compensation contributed toward retirement, and 100 percent tuition support.
- Support NIST based Assessment and Authorization activities for COMSEC Terrestrial and Space Programs
- Knowledge of Risk Management Framework (RMF) to maintain the cybersecurity posture of all assets.
- Define, analyze and validate system requirements
- Participate in organization and National Working Groups (NWG), Space COMSEC Requirements Reviews (SCRR), and Key Management Infrastructure (KMI) project management/design reviews
- Assist in establishing and maintaining COMSEC baseline changes for key/equipment
- Engage with commercial vendors, program managers, and external agencies
- Support, coordinate, plan and implement equipment hardware/software changes with organization's crypto engineering division, vendor and program offices
- Review and validate system performance and deficiency reports (Nessus scans)
- Develop and maintain documentation including policies and standard operating procedures (SOP)
- Experience with vulnerability scan applications and operating systems and remediating system vulnerabilities
- Experience in working with architecture and development teams on security implementation approaches, best practices, and process development
- Experience with providing the secure implementation of chosen frameworks and technologies
- Possession of excellent interpersonal skills to successfully interact with clients, engineers, and managers
- Experience performing full A&A lifecycle activities including Continuous Monitoring, Vulnerability Management, Scanning, and Risk Management Framework (RMF) life cycle
- Experience with IA vulnerability testing and related network and system test tools (i.e. Nessus, HBSS, and EVSS)
Individuals seeking employment are considered without regard to race, color, religion, sex, sexual orientation, gender identify, national origin, age, status as a protected veteran, or disability. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.Learn more about SRC: