Information Assurance Engineer / Information System Security Officer

Job Description

Job Description

Overview

Onyx is seeking experienced Information Assurance Engineers/Information System Security Officers (IA Engineer/ISSOs) to support a Federal Government customer. The IA Engineer/ISSO is responsible for ensuring the confidentiality, integrity, and availability of customer information systems by designing, implementing, and managing security controls that protect critical government assets.

This role works closely with system owners, engineers, security professionals, and program leadership to maintain compliance with federal cybersecurity requirements while supporting secure system operations throughout the system lifecycle.

Covered Labor Categories

Senior IT Consultant (Senior Cloud ISSO / Senior Security Engineer)

• Experience: 10+ years
• Certification: CISSP or equivalent certification

 

Key Responsibilities

Policy and Governance

• Support the development and maintenance of cybersecurity policies, standards, procedures, strategies, and communications supporting the customer's mission.
• Ensure security services are performed in accordance with:
  • NIST SP 800-37
  • NIST SP 800-53
  • Federal Information Security Modernization Act (FISMA)
  • Organization-level policies, directives, and guidelines

Security Architecture & Implementation

• Design and implement security controls that protect information systems, applications, and networks.
• Develop security architectures, policies, standards, and procedures aligned with federal cybersecurity requirements.
• Support secure cloud and on-premises environments.

Security Assessments & Compliance

• Conduct security assessments and vulnerability reviews of information systems.
• Identify security weaknesses and recommend mitigation strategies.
• Ensure compliance with applicable federal standards, including:
  • NIST
  • FISMA
  • FedRAMP
• Collaborate with stakeholders to remediate identified findings.

Incident Response

• Participate in cybersecurity incident response activities.
• Assist in developing and testing incident response plans and playbooks.
• Support investigation and resolution of security incidents.

Continuous Monitoring

• Monitor security tools, system logs, and network activity to identify suspicious behavior.
• Analyze alerts and security data for indicators of compromise.
• Support ongoing continuous monitoring activities.
• Assist with internal and external cybersecurity audits and remediation efforts.

POA&M Management

• Develop, maintain, and report Plans of Action and Milestones (POA&Ms).
• Track remediation efforts through completion.
• Provide status updates to customer leadership.

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
• Minimum experience requirements:
  • Senior Cloud ISSO / Senior Security Engineer: 10+ years

• Relevant cybersecurity certifications such as:
  • CISSP
  • CAP
  • CISM
  • CISA
  • CompTIA Security+
  • GIAC certifications
  • Equivalent DoD-approved certifications
• Demonstrated experience supporting information security programs within Federal Government or other highly regulated environments.
• Strong knowledge of:
  • NIST Risk Management Framework (RMF)
  • NIST SP 800-37
  • NIST SP 800-53
  • FISMA
  • FedRAMP
• Experience with enterprise security technologies, including:
  • Firewalls
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Security Information and Event Management (SIEM)
  • Encryption technologies
  • Identity and Access Management (IAM)
  • Authentication protocols
• Excellent analytical, problem-solving, and organizational skills.
• Strong written and verbal communication skills.
• Ability to work effectively in a collaborative, cross-functional environment.

Clearance Requirements

• Active Public Trust clearance required.
• Ability to obtain and maintain a Secret security clearance.

Preferred Qualifications

• Experience supporting cloud security initiatives within AWS, Azure, or Microsoft Government Cloud environments.
• Experience supporting Authorization to Operate (ATO) packages and RMF lifecycle activities.
• Experience using Enterprise Mission Assurance Support Service (eMASS).
• Experience with Security Control Assessments (SCAs).
• Knowledge of vulnerability management tools and continuous diagnostics and mitigation (CDM) practices.

 

 

Company Description

Onyx Consulting Services, LLC is a technology consulting firm delivering mission-focused IT solutions to the Federal Government. Since 2007, we have partnered with federal agencies to provide expertise in cybersecurity, systems engineering, software engineering, and data management, supporting some of the nation's most critical missions.

At Onyx, our employees are our greatest asset. We foster a collaborative, inclusive, and growth-oriented environment where talented professionals can make a meaningful impact while advancing their careers.

Onyx is a certified Woman-Owned Small Business (WOSB) and HUBZone-certified company, committed to delivering exceptional service, technical excellence, and innovative solutions to our government customers.

Company Description

Onyx Consulting Services, LLC is a technology consulting firm delivering mission-focused IT solutions to the Federal Government. Since 2007, we have partnered with federal agencies to provide expertise in cybersecurity, systems engineering, software engineering, and data management, supporting some of the nation's most critical missions.\r\n\r\nAt Onyx, our employees are our greatest asset. We foster a collaborative, inclusive, and growth-oriented environment where talented professionals can make a meaningful impact while advancing their careers.\r\n\r\nOnyx is a certified Woman-Owned Small Business (WOSB) and HUBZone-certified company, committed to delivering exceptional service, technical excellence, and innovative solutions to our government customers.