Lead Information Assurance Engineer
Role details
Job location
Tech stack
Job description
DataPath is seeking a Lead Information Assurance Engineer in Colorado Springs, Colorado to manage the Information Assurance program for a deployable, SATCOM-based tactical communications network supporting a U.S. Department of Defense customer. The role leads Risk Management Framework (RMF) and security operations for the program, serves as the COMSEC Responsible Officer, and provides IA training to customers across the United States. Requires an active Secret clearance, U.S. citizenship, three or more years of cybersecurity experience, and a current DoD 8140 IAT Level III certification.
Roles and Responsibilities:
Security Engineering and Integration:
- Design, develop, implement, and integrate IA and security solutions across networking, computing, and enclave environments, including multi-enclave architectures spanning different data-protection and classification levels.
- Apply least-privilege and defense-in-depth principles throughout system design and sustainment.
- Serve as the primary for SIPRNet access and management.
Vulnerability, Risk, and Threat Management:
- Conduct system vulnerability scans, analyze findings, and drive remediation across applications and networks.
- Assess and mitigate security threats and risks across the full program life cycle.
- Apply adversary-behavior knowledge (MITRE ATT&CK) to anticipate and counter threats.
Risk Management Framework, Assessment, and Authorization:
- Apply the Risk Management Framework (RMF) and the Cybersecurity Risk Management Construct (CSRMC) to keep systems assessed, authorized, and continuously monitored.
- Lead security planning, risk analysis, and authorization activities for system and network operations.
- Review assessment and authorization (A&A) documentation for completeness and compliance, and author and maintain IA documentation in government-required formats.
- Work fluently from NIST SP 800-40, 800-53, and 800-171.
COMSEC and Mission Advisory:
- Serve as the Communications Security (COMSEC) Responsible Officer (CRO), accountable for the security, oversight, accountability, and compliance of COMSEC material in accordance with NSA, DoD, contractual, and organizational requirements.
- Advise on security matters related to SATCOM operations in high-availability use cases such as emergency response and environmental disasters.
- Deliver customer-facing IA training at locations across the continental United States.
Requirements
- Active, in-scope U.S. Government Secret clearance.
- U.S. Citizenship is required due to the nature of the work and contract requirements.
- 3+ years of cybersecurity experience, including STIGs, Information Assurance, and COMSEC.
- Current DoD 8140 IAT Level III baseline certification: SecurityX (formerly CASP+), CCNP Security, CISA, CISSP, GCED, or GCIH.
- Bachelor of Science degree in a technical field., * Experience as a COMSEC Responsible Officer (CRO).
- Experience with Enterprise Mission Assurance Support Service (eMASS).
- Experience as an Information Systems Security Officer (ISSO).
- Master's degree in Cybersecurity.
- Certified Ethical Hacker (CEH).