Overview

Onyx is seeking experienced Information Assurance Engineers/Information System Security Officers (IA Engineer/ISSOs) to support a Federal Government customer. The IA Engineer/ISSO is responsible for ensuring the confidentiality, integrity, and availability of customer information systems by designing, implementing, and managing security controls that protect critical government assets.

This role works closely with system owners, engineers, security professionals, and program leadership to maintain compliance with federal cybersecurity requirements while supporting secure system operations throughout the system lifecycle.

Covered Labor Categories

Senior IT Consultant (Senior Cloud ISSO / Senior Security Engineer)

Experience: 10+ years
Certification: CISSP or equivalent certification

Key Responsibilities

Policy and Governance

Support the development and maintenance of cybersecurity policies, standards, procedures, strategies, and communications supporting the customer's mission.
Ensure security services are performed in accordance with:
- NIST SP 800-37
- NIST SP 800-53
- Federal Information Security Modernization Act (FISMA)
- Organization-level policies, directives, and guidelines

Security Architecture & Implementation

Design and implement security controls that protect information systems, applications, and networks.
Develop security architectures, policies, standards, and procedures aligned with federal cybersecurity requirements.
Support secure cloud and on-premises environments.

Security Assessments & Compliance

Conduct security assessments and vulnerability reviews of information systems.
Identify security weaknesses and recommend mitigation strategies.
Ensure compliance with applicable federal standards, including:
- NIST
- FISMA
- FedRAMP
Collaborate with stakeholders to remediate identified findings.

Incident Response

Participate in cybersecurity incident response activities.
Assist in developing and testing incident response plans and playbooks.
Support investigation and resolution of security incidents.

Continuous Monitoring

Monitor security tools, system logs, and network activity to identify suspicious behavior.
Analyze alerts and security data for indicators of compromise.
Support ongoing continuous monitoring activities.
Assist with internal and external cybersecurity audits and remediation efforts.

POA&M Management

Develop, maintain, and report Plans of Action and Milestones (POA&Ms).
Track remediation efforts through completion.
Provide status updates to customer leadership.

Required Qualifications

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.
Minimum experience requirements:
- Senior Cloud ISSO / Senior Security Engineer: 10+ years
Relevant cybersecurity certifications such as:
- CISSP
- CAP
- CISM
- CISA
- CompTIA Security+
- GIAC certifications
- Equivalent DoD-approved certifications
Demonstrated experience supporting information security programs within Federal Government or other highly regulated environments.
Strong knowledge of:
- NIST Risk Management Framework (RMF)
- NIST SP 800-37
- NIST SP 800-53
- FISMA
- FedRAMP
Experience with enterprise security technologies, including:
- Firewalls
- Intrusion Detection/Prevention Systems (IDS/IPS)
- Security Information and Event Management (SIEM)
- Encryption technologies
- Identity and Access Management (IAM)
- Authentication protocols
Excellent analytical, problem-solving, and organizational skills.
Strong written and verbal communication skills.
Ability to work effectively in a collaborative, cross-functional environment.

Clearance Requirements

Active Public Trust clearance required.
Ability to obtain and maintain a Secret security clearance.

Preferred Qualifications

Experience supporting cloud security initiatives within AWS, Azure, or Microsoft Government Cloud environments.
Experience supporting Authorization to Operate (ATO) packages and RMF lifecycle activities.
Experience using Enterprise Mission Assurance Support Service (eMASS).
Experience with Security Control Assessments (SCAs).
Knowledge of vulnerability management tools and continuous diagnostics and mitigation (CDM) practices.