Cyber Security Engineer

Trinity Global Consulting•Springfield, VA

10d

About The Position

Duties May Include: Apply RMF processes to support system Assessment & Authorization (A&A), including control selection, implementation, assessment, and continuous monitoring Develop, review, and maintain security documentation such as SSPs, POA&Ms, SARs, and ATO artifacts in tools such as XACTA or eMASS Conduct vulnerability assessments and compliance scans (e.g., ACAS) and track remediation of findings and IAVM requirements Implement and validate security controls aligned with NIST 800-53, CNSSI 1253, and related DoD guidance Support system hardening, patching, and configuration management in compliance with STIGs for Linux, Windows, and network devices Monitor systems for security events and support incident response and risk mitigation activities Assess security impacts of system changes and support configuration control boards (CCBs) Collaborate with system engineers, administrators, and DevSecOps teams to integrate security throughout the system lifecycle Provide cybersecurity risk input to program leadership, Authorizing Officials (AOs), and stakeholders

Requirements

Bachelor's degree with 5+ years of experience (or equivalent experience)
DoD 8570 IAT Level II or higher certification (e.g., Security+, CySA+, CISSP)
Experience with RMF, A&A, POA&M, and ATO documentation (XACTA/eMASS)
Hands-on vulnerability scanning and compliance tracking (ACAS, IAVM)
Experience securing Linux and Windows systems, STIGs, patching, and system hardening
Knowledge of NIST 800-series publications and incident response processes
Strong analytical, communication, and collaboration skills
US Citizenship required
Active or current (within two years of active) Top Secret clearance with SCI eligibility

Nice To Haves

Scripting or development experience (Python, Java, React)
DevSecOps tools and pipeline experience
Experience with Linux (Red Hat/CentOS), databases, web apps, or big data platforms
Familiarity with Agile environments and tools (Jira, Confluence)
Experience with NIST SP 800-171 and System Security Engineering (SSE)

Responsibilities

Apply RMF processes to support system Assessment & Authorization (A&A), including control selection, implementation, assessment, and continuous monitoring
Develop, review, and maintain security documentation such as SSPs, POA&Ms, SARs, and ATO artifacts in tools such as XACTA or eMASS
Conduct vulnerability assessments and compliance scans (e.g., ACAS) and track remediation of findings and IAVM requirements
Implement and validate security controls aligned with NIST 800-53, CNSSI 1253, and related DoD guidance
Support system hardening, patching, and configuration management in compliance with STIGs for Linux, Windows, and network devices
Monitor systems for security events and support incident response and risk mitigation activities
Assess security impacts of system changes and support configuration control boards (CCBs)
Collaborate with system engineers, administrators, and DevSecOps teams to integrate security throughout the system lifecycle
Provide cybersecurity risk input to program leadership, Authorizing Officials (AOs), and stakeholders

Benefits

Medical, Dental & Vision Coverage – Coverage for eligible employees and family through CareFirst and VSP.
Paid Time Off – PTO granted in accordance with contract requirements.
Paid Holidays – 11 federal holidays observed annually.
Disability & Life Insurance – Short-term/long-term disability, life insurance, and AD&D coverage included.
401(k) Retirement Plan – Competitive plan managed through Ameritas.
Professional Training – Formal training provided as required, with additional learning opportunities based on role.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume