IA Engineer - Intermediate

Overview

DecisionPoint seeks an Intermediate Information Assurance Engineer to support cybersecurity, compliance, and risk management activities for Global Information Technology Support Services supporting the Military Surface Deployment and Distribution Command (SDDC) Deputy Chief of Staff for Information Management (G6). This position supports the protection, monitoring, assessment, and compliance of SDDC information systems and enterprise IT environments.

The Intermediate Information Assurance Engineer will support Risk Management Framework activities, vulnerability management, STIG compliance, POA&M tracking, incident reporting, cybersecurity documentation, and compliance monitoring across SDDC systems. The role requires experience supporting secure DoD environments and working with cybersecurity tools and processes such as eMASS, ACAS, Nessus, SCAP, STIGs, RMF artifacts, Cyber Tasking Orders, and vulnerability reporting.

This position is located at HQ SDDC, Scott Air Force Base, Illinois.

Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.

Duties & Responsibilities

The Intermediate Information Assurance Engineer will:

• Support cybersecurity and information assurance activities for SDDC information systems, networks, and business systems.

• Assist with RMF documentation, package development, assessment support, and authorization activities for SDDC systems.

• Update and maintain cybersecurity documentation in eMASS to support current system authorization status, control implementation, and compliance tracking.

• Support development and maintenance of RMF artifacts, including security plans, POA&Ms, security design documentation, assessment materials, and supporting technical documentation.

• Assist with vulnerability management activities, including review of ACAS, Nessus, SCAP, and other security scan results.

• Analyze vulnerability findings and support coordination with system administrators, technical teams, ISSOs, ISSMs, and Government stakeholders to identify remediation actions.

• Support preparation of vulnerability reports, compliance reports, and POA&M updates for open vulnerabilities and IAVM-related findings.

• Monitor STIG compliance for assigned systems and assist with review, validation, documentation, and tracking of STIG findings.

• Ingest or associate STIG findings with applicable RMF controls and assist with maintaining audit-ready compliance documentation.

• Support Cyber Tasking Order tracking, compliance discovery, reporting, and coordination with designated points of contact.

• Assist with firewall, list, PPSM, and other cybersecurity compliance reviews, as required.

• Support incident response and reporting by assisting in the review of anomalous or suspicious activity, researching potential incidents, and coordinating response actions with the ISSO or ISSM.

• Assist with response, containment, eradication, and recovery activities for confirmed security incidents in accordance with SDDC, USTRANSCOM, NETCOM, and DoD procedures.

• Support administration, configuration, reporting, and maintenance of cybersecurity tools such as ACAS, HBSS, NessSecurity Center, SolarWinds SEM, LogRhythm, McAfee Network Security Manager, IDS sensors, or comparable tools.

• Maintain accurate records, reports, trackers, and technical documentation to support audits, inspections, assessments, and Government reporting requirements.

• Ensure assigned cybersecurity activities comply with applicable DoD, Army, USTRANSCOM, SDDC, RMF, STIG, and information assurance requirements.

Qualifications

Clearance Requirement:

• Must hold an active Secret clearance.

• Must be eligible to obtain and maintain required Common Access Card (CAC), facility access, system access, and Government network access.

Education:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or related technical discipline.

Experience:

• Minimum 5 years of experience supporting cybersecurity, information assurance, RMF, vulnerability management, or compliance activities within DoD or federal environments.

• Experience supporting RMF authorization activities, cybersecurity documentation, control assessment, and compliance reporting.

• Experience using or supporting eMASS for RMF package management, control documentation, POA&M tracking, and authorization support.

• Experience reviewing vulnerability scan results and supporting remediation tracking using tools such as ACAS, Nessus, SCAP, or comparable DoD-approved scanning tools.

• Experience supporting DISA STIG review, compliance validation, audit preparation, and finding remediation.

• Experience developing, updating, and tracking POA&Ms for cybersecurity findings, RMF controls, IAVMs, or vulnerability management activities.

• Experience supporting incident response, suspicious activity reporting, compliance reporting, and coordination with ISSO, ISSM, or cybersecurity leadership.

Technical Knowledge:

• Knowledge of DoD cybersecurity policies, RMF, eMASS, DISA STIGs, POA&M management, IAVM compliance, and vulnerability management processes.

• Familiarity with ACAS, NessSecurity Center, SCAP scanning, HBSS, McAfee security tools, IDS sensors, or similar cybersecurity tools.

• Understanding of cybersecurity compliance reporting, Cyber Tasking Orders, cyber scorecards, vulnerability index reporting, and audit support.

• Knowledge of system security documentation, assessment procedures, control inheritance, ATO support, and continuous monitoring.

• Understanding of secure configuration management, system hardening, patching, incident handling, and DoD information protection requirements.

• Ability to interpret technical scan results, identify risk impacts, and coordinate practical remediation recommendations with technical teams.

Certifications (Preferred):

• Must hold applicable DoD 8140 / 8570 cybersecurity workforce baseline certification as required for the position.

• Must meet applicable PWS IA baseline and computing environment certification requirements, as validated against the DD254 and final RFP.

• Security CE, CySA , CASP , CISSP, or other DoD-approved cybersecurity certification preferred, depending on final labor category and access requirements.

Skills:

• Strong analytical and problem-solving skills in cybersecurity and compliance-driven environments.

• Ability to document technical findings clearly and maintain accurate RMF, POA&M, and compliance records.

• Strong attention to detail when reviewing vulnerability findings, STIG checklists, RMF controls, and audit artifacts.

• Ability to coordinate effectively with system administrators, cybersecurity staff, Government stakeholders, and technical leads.

• Strong written and verbal communication skills for reporting findings, risks, remediation status, and compliance posture.

• Commitment to protecting DoD information systems, supporting mission assurance, and maintaining continuous cybersecurity compliance.

Our Equal Employment Opportunity Policy

• EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
• Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
• Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.