Cyber Security Engineer / Information Systems Security Officer (ISSO)

About The Position

Requirements

• MS STEM degree and 12+ years of related professional experience.
• Active Secret Clearance, must be able to obtain TS
• DoD 8570 compliant IAM Level II certification is required (Sec +)
• Experience with DoD's RMF and SSP processes

Nice To Haves

• Understanding in using cybersecurity testing tools (e.g., Nessus, Metasploit, Burp Suite) and scripting languages (e.g., Python, PowerShell).
• Excellent project management skills, with the ability to manage multiple testing projects simultaneously.
• Strong analytical and problem-solving skills, with a keen attention to detail.
• Exceptional communication skills, both written and verbal, with the ability to convey complex technical information to diverse audiences.

Responsibilities

• Support the planning and execution of comprehensive cybersecurity testing initiatives, including vulnerability assessments, penetration tests, and cybersecurity audits, with a focus on Missile Defense Agency (MDA) architectures and Ground-based Midcourse Defense (GMD) systems.
• Monitor and actively participate in the execution of cybersecurity tests specifically tailored to MDA and GMD environments, ensuring strict adherence to industry best practices, organizational standards, and relevant MDA security policies and guidelines.
• Performs onsite SME role and oversight during GMD Cyber Test Events.
• During test execution, conduct over-the-shoulder observation of assessment teams(s), with responsibility to approve/deny cyber tasks during assessment and ensure teams fully back out of all injection points and entry into the GM system.
• During cyber test execution, monitor scenarios for anomalous behavior and assess impacts to the GMD system.
• Analyze pre and post cyber test data, including scan reviews, to make a determination whether GM systems can be restored to baseline configuration.
• Assess Test Requirements/Objectives and advise GMD Cyber Test on test methodology and provide meaningful test objectives/vectors to demonstrate the GMD system is protected against cyber-attack threats.
• Expertly manage the identification, meticulous documentation, and rigorous tracking of vulnerabilities and security risks uncovered during testing of MDA and GMD systems, utilizing established vulnerability management processes.
• Conduct and support post-test briefings (Emerging Results Brief, Post Test Analysis Brief), providing comprehensive analysis of test findings and recommendations for enhancing the security posture of MDA and GMD systems.
• Conduct and/or meticulously review post-test analysis reports, identifying trends, root causes, and systemic weaknesses impacting the security of MDA and GMD systems, and providing actionable recommendations for improvement.
• Possess the ability to conduct in-depth analysis of test data to inform future testing efforts and security enhancements.
• Proficiently coordinate and support Cooperative Vulnerability Identification (CVI), Adversarial Cybersecurity Developmental Test & Evaluation (DT&E) (ACD), Cooperative Vulnerability Penetration Assessment (CVPA), and Adversarial Assessment (AA) test plans and on-site test integration activities, ensuring alignment with MDA’s cybersecurity requirements for GMD and related systems.
• Support development and maintain detailed, risk-based test plans, schedules, and resource allocation strategies for cybersecurity testing activities, specifically addressing the unique characteristics and vulnerabilities of MDA and GMD infrastructure.
• Support Coordination with diverse stakeholders, including security analysts, developers, project managers, and MDA representatives, to guarantee alignment with testing objectives, timelines, and MDA security mandates.
• Coordinate, support, and/or author (as required) comprehensive Event Cybersecurity Plans (ECsP) to secure test events involving MDA and GMD systems, ensuring the integrity and confidentiality of testing activities.
• Effectively communicate complex test results and security risks to both technical and non-technical stakeholders, including senior management and MDA leadership, providing actionable insights and recommendations for remediation.
• Facilitate organizational meetings with stakeholders, presenting clear and concise updates on cybersecurity testing progress within the context of MDA and GMD security objectives.
• Provide expert support for milestone test reviews (Kickoff Planning Meeting, Test Readiness Review, Test Concept Brief), ensuring that cybersecurity testing aspects are thoroughly addressed and aligned with MDA requirements.
• Facilitate and support Integrated Cyber Test Team planning meetings, fostering collaboration and communication among team members involved in securing MDA and GMD assets.
• Serve as a primary point of contact for all cybersecurity testing activities related to MDA and GMD systems, effectively facilitating communication and collaboration among cross-functional teams and MDA personnel.
• Mentor and train junior team members, imparting expertise in cybersecurity testing techniques, tools, and methodologies relevant to MDA and GMD environments.
• Actively participate in cybersecurity incident response efforts as needed, contributing specialized expertise in vulnerability assessment, risk management, and the security of MDA and GMD systems.
• Support ad hoc meetings/discussions regarding test schedule/asset availability as needed, ensuring that cybersecurity testing activities remain aligned with MDA’s operational requirements for GMD and other related systems.
• Assist in Visitor Access Requests (VAR) for test team members at all lab facilities involved in MDA and GMD testing, ensuring compliance with security protocols and access control procedures.

Benefits

• medical
• dental
• vision
• paid time off
• Employee Stock Ownership Plan (ESOP)
• 401(k)
• life insurance
• flexible work schedules
• holidays