Tapestry Solutions, A Boeing Company Information Assurance Engineer in San Diego, California
Information Assurance Engineer
Req ID#: 18-1248
Posting Location: San Diego - CA
Tapestry Solutions, A Boeing Company, comes with over 30 years of industry experience designing, implementing, training and supporting logistics information systems. We have over 800 employees worldwide supporting our customers with high quality, innovative, and cost-effective information technology and business intelligence solutions. Tapestry Solutions supports 85 defense, commercial and government customers from over 50 US locations and 9 countries, including multiple forward operating bases in Afghanistan.
Title: Information Assurance Engineer (Senior)
Location: San Diego, CA
Leads the development and deployment of enterprise-wide systems and information security requirements, policies, standards, guidelines and procedures for multiple stakeholder organizations, program/system or unique requirements. Advises on a broad range of compliant information security and data protection requirements. Identifies root causes, prioritizes threats and recommends and/or implements corrective action. Performs security compliance monitoring. Participates in security policy assessments and audits.
Leads the development and deployment of enterprise-wide systems and information security requirements, policies, standards, guidelines and procedures with multiple stakeholder organizations, program/system or unique requirements. Evaluates and responds to emerging security issues. Evaluates capability risk/gaps and takes and/or coordinates action to meet objectives.
Advises on a broad range of compliant information security and data protection requirements. Analyzes security situations, environmental factors and business objectives. Contributes to or develops security plans to meet assurance or protection requirements.
Analyzes and documents computing security events. Identifies root causes, prioritizes threats and recommends and/or implements corrective action. Determines acceptability of unique configurations and verifies security parameter placement. Tests and deploys risk mitigation processes and tools. Monitors outcome and takes action.
Investigates, analyzes and resolves questions and issues related to security incidents. Tests and deploys incident response processes and tools. Participates on incident response teams.
Collects, preserves and documents security event information to determine facts and maintain chain of custody. Leads or conducts investigations and takes corrective action for secure environments or dispositions event documentation for further action. Represents the enterprise to external regulatory and law enforcement agencies.
Performs security compliance monitoring. Participates in security policy assessments and audits. Evaluates and tests security controls and applications. Documents and certifies security objectives have been met. Conducts corrective action planning.
Evaluates technology, user behavior and environmental trends. Identifies corporate, contractual, and regulatory requirements. Develops training requirements, delivers standard and ad hoc content. Assess near and long term training effectiveness.
Performs other duties as assigned.
Working knowledge of common web application security vulnerabilities (OWASP Top Ten, SANS Top 25, etc.) and programming patterns that lead to them, as well as remediation techniques
Experience complying with DoD IT regulations and developing security assessment documentation (Security Technical Implementation Guides).
Experience with software security testing (static and dynamic analysis)
Experience with enterprise applications (architecture, development, support, and troubleshooting)
Working knowledge of authentication and identity management technologies
Working knowledge of cryptography, including encryption and hashing, to include proper application to real-world situations.
Strong interpersonal and communication skills; ability to work in a team environment
Ability to work independently with minimal direction; self-starter/self-motivated
Technical writing experience
Typical Education and/or Experience Qualifications:
Technical bachelor's degree and typically 9 or more years' related work experience or a Master's degree with typically 7 or more years' or a PhD degree with typically 4 or more years' related work experience or an equivalent combination of education and experience. A technical degree is defined as any four year degree, or greater, in a mathematic, scientific or information technology field of study.
Preferred Education and/or Experience Qualifications:
Ability to obtain and maintain DoD Secret Level Clearance
Penetration testing experience
HP Fortify (source code analysis) experience
IBM AppScan (dynamic application security testing) experience
Experience working with JIRA
Experience with SonarQube
Tapestry Solutions is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law.