Cyber Engineer

About The Position

Requirements

• Experience in US Navy IT networks

Responsibilities

• Perform ACAS scan of non-production NXP environment to confirm and validate existing vulnerabilities
• Obtain minor software and patch updates from vendors or repositories such as Windows Server Update Services (WSUS) to prepare and deploy patches/minor software upgrades to non-production NXP environment to remediate vulnerabilities and comply with urgent cybersecurity requirements (IAVAs, IAVBs, CTOs, EXORDs, OPORDs, etc.)
• Perform ACAS scan of non-production NXP environment to confirm patches/updates deployed addressed vulnerabilities/findings on target devices and appliances
• Follow Enterprise CM process to document and capture requirement(s) for patch/minor software upgrade
• Follow Enterprise CM process to update (or generate if required) service/solution documentation and/or models (as applicable)
• Follow SOP/approved documentation to prep/package and stage patches or minor updates tested in non-production environment for production deployment by NNWC NXP Operations & Sustainment team
• Ensure Information Assurance Vulnerability Alert Management (IAVM), Communications Task Orders (CTOs), STIG compliance and reporting.
• Maintain compliance with IAVM mandated timeframes associated with the network.
• Identify cyber security requirements prior to customer migration.
• Perform DADMS and DITPR-DON adds and renewals.
• Maintain security compliance for network applications and software. This includes responding to all IAVMs, EXORS, OPORDs, and CTOs for infrastructure and tracking of patches in an enterprise environment.
• Maintain compliance with IAVM mandated timeframes associated with the infrastructure.
• Providing support to respond to cyber security and system Data Calls.
• Provide Vulnerability Remediation Asset Manager (VRAM), data to ensure compliance to technical directives and mitigate against known vulnerabilities.
• Provide updates to DISA Ports protocols services management (PPSM) as required for system accreditation
• Create, attain, manage, and maintain Assessment and Authorization (A&A) packages under RMF for common control provider and information system owner packages. A common control provider is responsible for common controls (i.e., security controls inherited by information systems).
• Create and maintain packages in eMASS
• Assist government team leads when required with the creation of RMF required documentation (External Connection requirements, IT Interconnection Agreements, Security Memorandums of Agreement, Security Memorandums of Record, Risk Assessments, Vulnerability Analysis, POAMs and IAVM program support and guidance).
• Track all new STIG releases along with their deltas and participate in STIG implementation.
• Assist government team leads when required with reporting on Audit Readiness capability in accordance with DISA and Navy customer scoring cards.
• Support the development for a process for maintaining and enforcing security for the infrastructure.
• Assist government team leads when required with IAVM requirements reporting.
• Support security/IA requirements definition by identifying security controls to be put in place for systems and networks. Recommend processes for maintaining and enforcing security/Information Assurance for identified systems, networks and systems in support of security engineering. Document the A&A requirements and processes in support of security engineering.
• Execute security scans in compliance with DoD/DoN standard timeframes for infrastructure and customer systems.
• Assist government team leads when required with reporting on customer hosted systems accreditation status.
• Provide vulnerability assessment scans to the government team leads upon request.
• Evaluate, recommend, integrate and implement innovative and automated continuous monitoring capabilities in support of RMF and Cyber Security compliance.