WHAT DOES AN INFORMATION ASSURANCE ENGINEER DO?

Published: Aug 26, 2025 - The Information Assurance Engineer designs and implements solutions in compliance with Air Force and DoD security policies while addressing enterprise-level system and software performance issues. This role applies technical expertise to perform system administration, maintain hardware, support virtualization environments, and manage host-based security systems. The engineer also collaborates with internal and external stakeholders to analyze requirements, resolve network connectivity problems, and ensure the stability of IT infrastructure.

A Review of Professional Skills and Functions for Information Assurance Engineer

1. Information Assurance Engineer Duties

  • Information Gathering: Gather information necessary to maintain security and establish functioning external barriers such as firewalls and other security measures
  • Documentation Management: Define, create and maintain the documentation for certification and accreditation of each information system in accordance with government requirements
  • Impact Assessment: Assess the impacts of system modifications and technological advances
  • Log Review: Review systems and logs to identify potential security weaknesses, verify security methods, and recommend improvements to address vulnerabilities
  • Change Implementation: Implement and document findings and changes
  • Vulnerability Management: Assist in managing and maintaining and closing vulnerabilities
  • POA&M Support: Assist in managing and maintaining a plan of action and milestones (POA&M)
  • Hardware Inspection: Inspecting computer hardware before disposal
  • Ticket Response: Assist with assessing and responding to security-related requests within various ticketing systems
  • Security Posture: Assist with maintaining operational security posture for information systems
  • Risk Assessment: Assist with performing risk assessment analysis to support Assessment and Authorization (A&A)
  • A&A Preparation: Assist with preparing and reviewing A&A documentation
  • Tool Maintenance: Maintaining the HBSS, ACAS, and IAVM tools

2. Information Assurance Engineer Details

  • Solution Design: Design/implement solutions to comply with Air Force/DOD security policies and IAVA notifications
  • System Support: Respond to enterprise-level inquiries and requests for assistance with computer system configurations and software performance
  • Information Evaluation: Critically evaluate information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, abstract up from low-level information to a general understanding, and distinguish user requests from the underlying true needs
  • Customer Collaboration: Proactively communicate and collaborate with external and internal customers to analyze information needs and functional requirements and deliver the appropriate materials
  • Problem Resolution: Coordinate with other IT personnel to resolve system problems and develop capability concepts/solutions
  • Technical Translation: Effectively apply technical knowledge to translate abstract concepts or assignments into specific implementation steps that others can implement
  • Hardware Maintenance: Maintain hardware to include system installs, routine services, and catastrophic equipment failure repair
  • System Administration: Perform System Administration on Servers to include Installation, configuration, and applying patches
  • HBSS Management: Set up and manage a government-approved Host-Based Security System (HBSS) solution (currently McAfee)
  • Virtualization Support: Design and support virtualization environments
  • Tool Maintenance: Maintain existing environment and software tools
  • Hardware Monitoring: Monitor Network hardware for failure
  • Network Troubleshooting: Troubleshoot network connectivity issues

3. Information Assurance Engineer Responsibilities

  • CCRI Support: Support Command Cyber Readiness Inspections (CCRI) and Risk Management Framework (RMF) mission sets
  • RMF Management: Develop and sustain RMF Certification and Accreditation (C&A) packages to maintain Authorization to Operate (ATO)
  • eMASS Documentation: Validate and upload RMF documentation into the Enterprise Mission Assurance Support Service (eMASS) portal
  • POA&M Processing: Process and submit Plans of Action and Milestones (POA&Ms)
  • Incident Response: Support IT Incident Response (IR) actions and reporting
  • Order Tracking: Track reporting and processing of Cybersecurity Tasking Orders, Warning Orders and Operation Orders
  • CoN Guidance: Provide packages, templates and guidance to gain approved Army Certificates of Networthiness (CoN) for new or upgraded software
  • Plan Development: Write/develop System Security Plans (SSP) and Tenant Security Plans (TSP)
  • Inspection Support: Support Cybersecurity IT internal and embedded inspection teams
  • Security Scanning: Perform logging, correlation, and scanning with tools such as Fortify Security Control Analyzer (SCA), Assured Compliance Assessment Solution (ACAS), HP ArcSight, and Enterprise Security Management (ESM)
  • STIG Enforcement: Ensure DISA STIGs are implemented and enforced
  • Risk Analysis: Perform enterprise-wide risk analysis and vulnerability assessments

4. Information Assurance Engineer Job Summary

  • A&A Execution: Executes or supports the execution of A&A activities, including development of security documentation, including items such as System Security Plans, Security Assessment Reports, SCTM’s and POA&Ms in compliance with IA policy
  • Audit Reviews: Perform weekly system audit reviews, media reviews, and hardware/software configuration management
  • Security Testing: Executes security testing and evaluation to ensure the correct implementation of security controls
  • Vulnerability Mitigation: Supports the assessment and mitigation of vulnerabilities throughout a system's life cycle
  • Security Training: Conduct IA security education training for all system users on appropriate risk mitigation strategies
  • Incident Handling: Perform incident response and cleanup actions per company or customer directions
  • SSP Compliance: Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and procedures outlined in the System Security Plan (SSP)
  • ISSM Support: Assume ISSM responsibilities as assigned by the Region Manager and/or in the absence of the ISSM
  • Security Auditing: Conduct internal and external vulnerability assessments, scans, and security audits
  • SOC Management: Implement, maintain, and manage SOC monitoring tools
  • Regulation Compliance: Responsible for Data Security Standards (HITRUST and PCI), regulations governing personally identifiable information (PII) and other applicable regulatory compliance frameworks
  • Partner Assessment: Coordinate and drive business partner security assessment activities for both inbound and outbound relationships

5. Information Assurance Engineer Accountabilities

  • RMF Implementation: Work as part of an integrated team to architect, implement, and assess Risk Management Framework (RMF) cybersecurity requirements of networks and systems within the space domain, i.e., across ground, communications, and space segments
  • System Auditing: Utilize a combination of automated tools and manual methods to audit and monitor systems, identify potential vulnerabilities and assist in determining mitigation actions
  • Documentation Support: Contribute to the preparation and maintenance of the RMF body of evidence documentation
  • Impact Assessment: Create and track requests for hardware/software components and conduct security impact assessments of planned tech solutions
  • Change Review: Participate in configuration control boards to assess and communicate potential security impacts of proposed technical, procedural or operational changes
  • Patch Management: Conduct system vulnerability scanning, patch management and flaw remediation activities on Windows and Linux operating systems and various hardware and software components, including those in virtualized environments
  • Configuration Validation: Work closely with system administrators to validate that system patches and security-relevant configuration changes are implemented correctly and functioning as intended
  • Monitoring Execution: Perform information system continuous monitoring using established plans and checklists
  • Issue Resolution: Assist customer staff, program managers, subcontractors, and system operators with identifying and resolving technical and non-technical security issues
  • Control Assessment: Prepare and execute security control assessment procedures to verify conformance with Department of Defense (DoD), Intelligence Community, Special Access Program, and Space Force security control requirements