Senior Information Assurance Engineer (TS/SCI Required)

Intelligent. Dynamic. Resilient. 

Everfox, formerly Forcepoint Federal, has been defending the world’s most critical data and networks against the most complex cyber threats imaginable for more than 25 years. As trailblazers in defense-grade, high assurance cyber security, we have been leading the way in developing and delivering innovative cyber security technology. We protect data wherever it resides. Our unwavering dedication and commitment to our customers and the critical missions they serve are what set us apart. We are dynamic, vigilant, and proactive in everything we do. Our suite of cross domain, threat protection and insider risk solutions empower governments and enterprise organizations to use data safely - where and however their people need it. At Everfox, we innovate, we invest, we achieve. We protect what matters most to our customers. And we offer protection like no other. We do all of this so our customers can focus on what matters most… their mission.

Job Title: Senior Information Assurance Engineer

Primary Work Location*: San Antonio, Texas

Position Summary:
Everfox is one of the world’s most significant private cybersecurity software and professional service companies. As a Principal Information Assurance Engineer at Everfox, you’ll join our growing professional services engineering team. The work is challenging and provides support to a single customer. Supporting this customer will require you to troubleshoot and resolve various issues independently. While you’ll have access to other engineering staff, you’ll be expected to be a self-starter and multitask while communicating effectively with the customer and Everfox management. The ideal candidate will have hands-on experience providing administrator or SME-level support for endpoint security solutions, such as HBSS, Tanium, Digital Guardian, etc. 

What You'll be Doing: 
Many job listings provide a wide range of confusing and often vague terms. At Everfox, we take a different approach by spelling out the key things you’ll be responsible for.

• Validates and verifies system security requirements definitions and analysis and establishes system security designs for controls.

• Designs, develops, implements, and/or integrates IA and security systems and system components for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and differing data protection/classification requirements.

• Builds IA into systems and services deploying into operational environments at multiple classification levels.

• Assists architects and services developers in identifying and implementing appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.

• Enforces the design and implementation of trusted interfaces among external systems and architectures.

• Assesses and mitigates system security threats/risks throughout the program life cycle.

• Contributes to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations.

• Creates and reviews A&A Body of Evidence documentation, providing feedback on the completeness and compliance of its content. Develops and executes Security Test Plan (STP) closely with team members.

• Possibility of 25% or less travel to customer locations when needed.

• Other duties as assigned.

Things You Must Have to Apply: 

• An active (currently in use) – TS with SCI or SCI eligibility within two years from last use.

• A bachelor’s degree in computer science, Information Systems, Cyber Security, or equivalent education and work experience.

• At least one DoD 8140 Cyber Workforce Qualification Program certification, at IAT level II (2) or higher.

• The ability to obtain the appropriate work authorizations required under U.S. ITAR or EAR regulations from the applicable U.S. government agency.

• 8+ years’ experience in Information Assurance positions performing the following tasks:

  • Reviewing, applying, and remediating security vulnerabilities or implementing security controls based on STIG guidance or scanning reports.

  • SME-level knowledge of NIST compliance

  • SME-level knowledge of working through A&A efforts leading to obtaining an ATO. Experience working with customers or stakeholders within an organization to achieve.

• 8+ years’ experience in the following technical skills:

  • Expert knowledge and experience in A&A with DCID 6/3/ICD-503.

  • Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification.

  • Strong demonstrated experience in understanding and applying Risk Management Framework (RMF) principles outlined in NIST SP 800-37.

  • Strong demonstrated experience using Enterprise Mission Assurance Support Service (eMASS) for storage & retrieval of deliverables/artifacts.

  • Strong communication skills, including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels.

  • Scanning systems and assisting the team in remediating vulnerabilities

  • Ability to communicate effectively with senior management in government and contractor teams.

  • Experience ensuring systems to comply with essential government security requirements and demonstrate that through verification testing with government security stakeholders.

  • Experience with ACAS (Assured Compliance Assessment Solution) Nessus Scanner.

  • Familiar with DISA SCAP Tool and STIG Viewer.

  • Understanding of Windows and Linux STIG scripting 

Things That Would Be Nice to Have:

• Experience working in cloud environments such as AWS, Azure, GovCloud, or Google Cloud.

• Experience working with N-Tier architecture.

• Strong Windows administration and STIG hardening experience.

• Experience working on and supporting classified networks.

• Security architecture, engineering, and A&A experience.

• Experience with System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, Plans of Action, & Milestones.

• IT security training in various disciplines.

*Primary Work Location
For customer privacy and security, the exact customer location is not shown via the attached link, nor is the customer mentioned by name. The customer's name and location will be shared upon starting employment and indoctrination with Everfox.

**Physical Demands
This is primarily a sedentary role, but you may be required to assist with installing and racking servers, network equipment, etc., related to the products running at the customer location.

***Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, obligations, and activities may change at any time as determined by the customer or Everfox management.

A reasonable estimate of the base salary range for this role is:

$129,029.52-187,530.72 USD

A reasonable estimate of the base salary range for this role is:

The actual salary offered may vary within the range based on a candidates' unique experience, locale, and business needs. In addition to a base salary and bonus plans, Everfox offers a generous benefits package including flexible PTO, a 401k match, and contribution to healthcare coverages. Our talent acquisition team will provide specific information regarding bonus eligibility and benefits offerings.

________________________________________________________________

Don’t meet every single qualification? Studies show people are hesitant to apply if they don’t meet all requirements listed in a job posting. If there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

Everfox is an equal employment opportunity employer and complies with all applicable federal, state, and local laws prohibiting discrimination. Everfox does not discriminate against any employee or applicant based on race, color, religion, sex, age, national origin, disability, veteran status, marital status, medical condition, or any other category protected by applicable law. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by sending an email to HR@everfox.com 

Everfox is a Federal Contractor. Certain positions with Everfox require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.

Applicants must have the right to work in the location to which you have applied.