Information Assurance Specialist jobs in United States

ECS · 2 days ago

Information Assurance Specialist

ECS is a leading mid-sized provider of technology services to the United States Federal Government, seeking an Information Assurance Specialist to support the Department of State's Bureau of Diplomatic Technology. The role involves conducting technical assessments of data systems, executing vulnerability scanning, and ensuring compliance with security standards.

Artificial Intelligence (AI), Cloud Infrastructure, Compliance, Consulting, Cyber Security, Information Technology, Machine Learning, Security, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Conduct in-depth security configuration assessments of database management systems (DBMS) (e.g., Oracle, SQL Server, PostgreSQL) against DOS Configuration Guides, DISA STIGs, and CIS Benchmarks
Analyze database permission settings, encryption implementation, and auditing configurations to verify compliance with NIST SP 800-53 Rev. 5 controls
Perform manual validation of technical controls that cannot be fully assessed via automated scanning, ensuring comprehensive coverage of the system boundary
Execute and analyze automated vulnerability scans using agency-approved tools (e.g., Tenable Nessus, dbProtect, AppDetective)
Analyze security tool reports to differentiate false positives from valid findings, determining actual residual risk based on the operational environment
Correlate scan data with system inventory to ensure 100% asset coverage within the authorization boundary
Develop the technical portions of Security Assessment Plans (SAP), identifying the specific tools and methods required for database and infrastructure testing
Document objective evidence of findings, including screenshots, raw scan logs, and configuration exports, to support the Security Assessment Report (SAR)
Provide detailed remediation guidance to System Administrators and ISSOs to resolve technical findings and update Plans of Action and Milestones (POA&Ms)
Support Information Security Continuous Monitoring (ISCM) by performing periodic database scans and security impact analyses of changes to the data environment
Verify the effectiveness of remediation efforts through regression testing and re-scanning of patched systems

Qualification

Information Security, Vulnerability Management, Database Security, NIST SP 800-53A, Vulnerability Scanning, CISSP, CEH, CISA, SQL, Python, PowerShell, AWS, Azure, Technical Reporting, Soft Skills

Required

Active Secret Security Clearance (Required)
5+ years of Information Security experience, with a focus on technical assessments and vulnerability management
Proven experience auditing and securing major database platforms (SQL, Oracle, etc.) and interpreting DOS Configuration Guides and/or DISA STIGs for databases
Hands-on proficiency with scanning tools such as Nessus, Burp Suite, AppDetective, or similar vulnerability assessment solutions
Deep understanding of NIST SP 800-53A assessment procedures and how they apply to technical infrastructure
Ability to translate raw scan data into actionable risk findings for the Security Assessment Report (SAR)

Preferred

One or more of the following is highly preferred: CISSP, CEH, CISA, or database-specific security certifications (e.g., Oracle Certified Professional)
Familiarity with SQL, Python, or PowerShell to automate data collection and configuration checks
Experience assessing database services in AWS (RDS) or Azure (SQL DB)
Prior experience supporting Department of State or DHS technical assessment programs

Company

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.

Funding

Current Stage: Late Stage
Total Funding: unknown
2018-01-31: Acquired
2015-04-10: Private Equity

Leadership Team

Keith McCloskey, VP / Chief Technology Officer
Ryan Garner, Chief Financial Officer
Company data provided by crunchbase