26-205 C2BMC Cyber A&A Engr

About The Position

Requirements

• Bachelor's degree in Engineering, or a related Science or Mathematics field, plus a minimum of 5 years of relevant experience; or Master's degree plus a minimum of 3 years of relevant experience.
• 3+ years of related experience and/or post-secondary degree in a relevant discipline.
• Active TS/SCI clearance required.
• IAT Level II/IAM Level I DoD 8570 certification (e.g., Security+ CE or equivalent).
• Strong security engineering skills with knowledge of cybersecurity technology and DoD/Federal policies (e.g., DoDI 8500.01, NIST SP 800-53).
• Proficiency in Enterprise Mission Assurance Support Service (eMASS).
• In-depth understanding of the RMF Cybersecurity Lifecycle, including controls, overlays, requirements generation, architecture design, audit tools, and compliance assessments.
• Knowledge of Software Assurance (SwA) tools for static and dynamic code analysis (e.g., Fortify, SonarQube).

Nice To Haves

• Experience with Windows and Red Hat Enterprise Linux (RHEL) system administration.
• Background in working within virtual environments, dockers, and containers.
• Proficiency in administering ACAS and Endpoint Security Solutions (ESS).
• Experience using ConfigOS for system hardening.
• Experience working with or familiarity with Al/ML models is preferred.
• Identifies opportunities to apply Al for continuous improvement and innovation.

Responsibilities

• Manage and track DD Form 2875 user account forms and training for privileged and non-privileged accounts, including annual account validations and coordination with system administrators for account creation, modification, and removal.
• Assess systems and networks in virtual environments for compliance with configurations, policies, and standards using tools like STIG Viewer, SCAP, and ACAS.
• Perform Security Technical Implementation Guide (STIG) assessments and hardening for Windows, Red Hat Enterprise Linux (RHEL), and networking equipment using ConfigOS.
• Develop test plans and document expected outcomes of STIG checks.
• Update RMF documentation to ensure non-compliance issues are tracked and remediated.
• Implement government cybersecurity policies (e.g., NISPOM, NIST, DoD) and recommend process improvements.
• Conduct compliance audits, vulnerability assessments, and periodic reviews of systems to validate cybersecurity controls.
• Prepare and maintain RMF artifacts, including Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Ports, Protocols, and Services Management documentation, and Plan of Actions and Milestones (POA&M).

Benefits

• highly competitive benefits
• flexible work environment where contributions are recognized and rewarded