Cyber Security Engineer

CACI
Aberdeen Proving Ground, MD
Onsite

About The Position

CACI is looking for a talented and cleared Cyber Security Engineer to join our dynamic team as an Information Systems Security Officer (ISSO) and Risk Management Framework (RMF 2.0) Subject Matter Expert (SME) for the DoD System Authorization and Accreditation process for Capability Program Executive Command and Control Information Network (CPE C2IN) products. You will review, assess, and manage systems’ security requirements and validation methods via Enterprise Mission Assurance Support Service (eMASS). You will provide cybersecurity systems engineering oversight on applications development projects to ensure the appropriate security configuration of the operating environment is enforced. You will review and assess systems’ security implementation via product-reported Assured Compliance Assessment Solution (ACAS) Vulnerability scans, Defense Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) and Security Requirements Guides (SRGs), and source code vulnerability scans where applicable. You will identify, communicate, and support resolution of deficiencies in security implementation reporting with product teams. You will manage Plan of Action and Milestone (POA&M) records with CPE C2IN product teams. You will communicate DoD RMF system accreditation processes, documentation requirements, and security hardening reporting requirements to CPE C2IN Product development teams. You will provide security considerations to inform systems/development engineering efforts to reduce errors, flaws, and weaknesses that may constitute a security vulnerability leading to unacceptable asset loss and consequences. You will facilitate continuous monitoring activities for supported CPE C2IN products.
You will coordinate with Engineering and other Cybersecurity personnel to implement and enforce security policies and patch management processes. This includes working with PM ISSEs to review technical information. You will provide technical consultative/advisory services to the PM/Product Manager (PdM) to review proposed new systems, networks, and software designs for potential security risks. You will identify and/or assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats. You will support development of program cybersecurity policies and procedures to ensure information systems reliability and accessibility in accordance with Army & DISA requirements to prevent and defend against unauthorized access to systems, networks, and data, in support of the short- and long-term mission and goals of the PM. You will collaborate on responses for Army Cyber (ARCYBER) Cyber Tasking Order (CTO) compliance reporting and vulnerability remediation/mitigation requests for information (RFIs). You will support system accreditation and Security Control Assessor – Validation events.

Requirements

  • Active DOD Secret security clearance.
  • Bachelor’s Degree (Computer Science, Engineering or similar) and at least 3 years of experience OR an Associate’s degree and at least 7 years of experience OR no degree and at least 9 years of experience.
  • Security+ CE certification or higher.
  • Fluent in the use of eMASS.
  • Fluent in analyzing ACAS Vulnerability scans, DISA STIGs/SRGs, and processes related to residual risk identification.
  • Capability to communicate across cross-functional teams.
  • Familiarity with Systems Security Engineering (SSE) documentation (e.g. Cybersecurity Strategies, Information Support Plans, Program Protection Plans (PPPs)).
  • Knowledge of, and skill in applying DoD RMF to conduct risk and vulnerability assessments of planned and installed information systems and identify vulnerabilities, risks, and protection needs.
  • Knowledge of AR 25-2 Army Cybersecurity and DoDI 8510.01 Risk Management Framework (RMF 2.0) for DOD Information Technology (IT).

Nice To Haves

  • Experience with identifying applicable STIGs, integrating security controls, and validating their implementation on Linux OSs, Microsoft Windows & Windows Server, Microsoft Office, VMware, Nutanix, Cisco IOS, Windows and Palo Alto Firewall, Containers, and Hyper-V products.
  • Fluent in conducting ACAS Vulnerability scans and DISA STIGs/SRGs.
  • Familiarity with Army Systems Acquisitions Process, milestone decision points, and related cybersecurity artifact requirements.
  • Experience with GovCloud environments (Azure & AWS).
  • Familiarity with Kubernetes environments (K8s & K3s).
  • Aware of fundamental concepts within a DevSecOps environment.
  • Familiarity with Zero Trust.

Responsibilities

  • Serve as the ISSO and RMF SME for the DoD System Authorization and Accreditation process for CPE C2IN products.
  • Review, assess, and manage systems’ security requirements and validation methods via Enterprise Mission Assurance Support Service (eMASS).
  • Provide cybersecurity systems engineering oversight on applications development projects to ensure the appropriate security configuration of the operating environment is enforced.
  • Review and assess systems’ security implementation via product-reported Assured Compliance Assessment Solution (ACAS) Vulnerability scans, Defense Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) and Security Requirements Guides (SRGs), and source code vulnerability scans where applicable.
  • Identify, communicate, and support resolution of deficiencies in security implementation reporting with product teams.
  • Manage Plan of Action and Milestone (POA&M) records with CPE C2IN product teams.
  • Communicate DoD RMF system accreditation processes, documentation requirements, and security hardening reporting requirements to CPE C2IN Product development teams.
  • Provide security considerations to inform systems/development engineering efforts to reduce errors, flaws, and weaknesses that may constitute a security vulnerability leading to unacceptable asset loss and consequences.
  • Facilitate continuous monitoring activities for supported CPE C2IN products.
  • Coordinate with Engineering and other Cybersecurity personnel to implement and enforce security policies and patch management processes.
  • Provide technical consultative/advisory services to the PM/Product Manager (PdM) to review proposed new systems, networks, and software designs for potential security risks.
  • Identify and/or assess vulnerabilities and susceptibility to life cycle disruptions, hazards, and threats.
  • Support development of program cybersecurity policies and procedures to ensure information systems reliability and accessibility in accordance with Army & DISA requirements to prevent and defend against unauthorized access to systems, networks, and data, in support of the short- and long-term mission and goals of the PM.
  • Collaborate on responses for Army Cyber (ARCYBER) Cyber Tasking Order (CTO) compliance reporting and vulnerability remediation/mitigation requests for information (RFIs).
  • Support system accreditation and Security Control Assessor – Validation events.

Benefits

  • health insurance
  • retirement plans
  • professional development opportunities
  • flexible time off
  • learning resources
  • comprehensive benefits