Cyber Security/Information Assurance A&A Engineer


Job Description:

Ortman Consulting is looking for a Cyber Security/Information Assurance A&A Engineer with multi-level security domain application experience. This A&A Engineer/Information Systems Security Officer (ISSO) will be responsible for security processes and implementation supporting a large customer on a new multi-year contract. Responsibilities include performing, reviewing, and conducting technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and recommending mitigation strategies to the team.

The ideal candidate should have at least 3-5 years of experience in Information Assurance positions and experience with implementing and accrediting multi-level mobility solutions (e.g. AIS SecureView, Raytheon ForcePoint TCS, etc.). This position is targeted for both dedicated support roles and short-term reactive support and proactive engagements where occasional 2-7 day trips to other customer facilities may be required 2-3 times per year.

The successful candidate must be a U.S. Citizen with a Top Secret/SCI with poly and current SSBI.

The selected candidate must be able to start within 30 days of offer acceptance.

Required Skills:
This position is a challenging role in a multi-contractor team supporting a fast-moving program for multiple customers and/or projects. This requires expertise in Information Assurance and A&A for a multi-level mobile environment. As part of the Ortman Consulting team, you would be required to work directly with our customers as well as provide occasional consulting on related projects, including occasional proposal support. This role requires a self-starting engineer who can work either individually or as part of a team. Required skills include:

  • Expert knowledge and experience in A&A with DCID 6/3/ICD-503
  • Knowledge of NIST 800-53, DIACAP, or DODIIS security requirements
  • Experience with system hardening including STIGs
  • Proficiency in validating and verifying system security requirements definitions and analysis, and in establishing system security designs for controls
  • Ability to design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
  • Experience with building IA into systems and services deploying into operational environments at multiple classification levels
  • Ability in assisting architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.
  • Proficiency in designing and implementing trusted interfaces among external systems and architectures.
  • Experience with assessing and mitigating system security threats/risks throughout the program life cycle.
  • Knowledge of security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
  • Familiarity with creating and reviewing A&A Body of Evidence documentation, providing feedback on completeness and compliance of its content. Ability to develop and execute a Security Test Plan (STP) in close cooperation with team members.

Required Education:
BS in IA/Cyber Security/Computer Science or equivalent technical degree and 3-5 years of experience in a similar role.

Desired Skills:
Strong demonstrable development experience/expertise in one or more of the following technologies is desirable:

  • Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification
  • Strong Windows administration and hardening experience
  • Strong network and host security background in Windows
  • Experience with implementing SecureView and/or TCS based solutions
  • Hyper-V, SCCM, WSUS, and patching experience
  • Outstanding communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels
  • Proficiency in scanning systems and assisting the team in remediating vulnerabilities
  • Ability to communicate effectively with senior management in government and contractor teams
  • Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders
  • Experience working on and supporting classified networks
  • Familiarity with cloud and virtual hosting environments


  • Experience implementing ICD-503-based A&A processes using XACTA
  • Experience with Aruba and/or Cisco VPN Devices
  • Security architecture design experience
  • Experience with System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, Plan of Action & Milestones
  • Experience with ACAS and other scanning tools
  • Master’s degree in IA/Cyber Security/Computer Science
  • Active Directory (architecture, design, disaster recovery and troubleshooting), IIS and ISA.
  • Debugging skills in the Windows Platform
  • Up to date with Windows 7 and Windows 10 client
  • Experience with network captures and network troubleshooting

ITIL V3 Foundations is desired
DoD 8570 certification (Security+)
Advanced IT certifications: technical certifications such as CISSP, RHCE, CCIE, SANS, etc. are a plus

To apply for this job email your details to