Jobs via Dice
Information Assurance Specialist
Location: Washington, DC
Overview
ECS is seeking an Information Assurance Specialist to work in our Washington, DC office. This role sits within the Independent Security Control Assessment (ISCA) team and focuses on the technical assessment of high‑value data systems. The specialist will conduct vulnerability scanning, database security configuration analysis, and technical compliance auditing under NIST SP 800‑53A Rev. 5 to support RMF Step 4 (Assessment).
Key Responsibilities
Database & Technical Assessment
Conduct in‑depth security configuration assessments of database management systems (Oracle, SQL Server, PostgreSQL) against DOS Configuration Guides, DISA STIGs, and CIS Benchmarks.
Analyze database permission settings, encryption, and auditing configurations to verify compliance with NIST SP 800‑53 Rev. 5 controls.
Perform manual validation of technical controls that cannot be fully assessed via automated scanning.
Vulnerability Scanning & Analysis
Execute and analyze automated vulnerability scans using agency‑approved tools (Tenable Nessus, dbProtect, AppDetective).
Analyze security tool reports to differentiate false positives from valid findings and determine residual risk.
Correlate scan data with system inventory to ensure 100% asset coverage within the authorization boundary.
RMF Step 4 Support
Develop the technical portions of Security Assessment Plans (SAP) and document specific tools and methods for database and infrastructure testing.
Document objective evidence of findings, including screenshots, raw scan logs, and configuration exports.
Provide detailed remediation guidance to System Administrators and ISSOs to resolve findings and update Plans of Action and Milestones (POA&Ms).
Continuous Monitoring
Support Information Security Continuous Monitoring (ISCM) by performing periodic database scans and security impact analyses of changes to the data environment.
Verify remediation effectiveness through regression testing and re‑scanning of patched systems.
Required Skills
Active Secret Security Clearance.
5+ years of information security experience focused on technical assessments and vulnerability management.
Proven experience auditing and securing major database platforms (SQL, Oracle) and interpreting DOS Configuration Guides and DISA STIGs.
Hands‑on proficiency with scanning tools such as Nessus, Burp Suite, AppDetective, or similar.
Deep understanding of NIST SP 800‑53A assessment procedures and how they apply to technical infrastructure.
Ability to translate raw scan data into actionable risk findings for the Security Assessment Report (SAR).
Desired Skills
Certifications: CISSP, CEH, CISA, or database‑specific security certifications (e.g., Oracle Certified Professional).
Familiarity with SQL, Python, or PowerShell to automate data collection and configuration checks.
Experience assessing database services in AWS (RDS) or Azure (SQL DB).
Prior experience supporting Department of State or DHS technical assessment programs.
Salary Range: $90,000 – $120,000
ECS is an equal‑opportunity employer and does not discriminate on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, veteran status, or any other protected status.