Cyber Security InfoSec Engineer

About The Position

Requirements

• Active TS/SCI with Polygraph
• Typically requires a Bachelor of Science (BS) degree, or relevant demonstrable experience
• Hands on experience with Linux (CLI)
• Hands on experience with scripting and programming languages like BASH and Python
• Solid understanding of, experience with networking (e.g., ports, routing tables, subnets, VPNs, firewalls, routers, etc.) to include design, integration and troubleshooting issues
• Experience in working on teams utilizing Agile workflows and processes
• Strong understanding of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and Common Vulnerabilities and Exposures (CVEs)
• Experience with RMF workflow tools
• Strong communication, organizational, and writing skills
• Must be able to clearly and directly articulate their findings and recommendations.
• Must be open minded to considering alternative approaches to possible security issues noted by other team members

Responsibilities

• Participate in the team’s regularly scheduled Agile tag up (scrum) meetings and report on the status of their assigned Jira issues
• Attend ad-hoc TEMs with the team to discuss and weigh in on numerous architectural aspects of the systems for assessing security impacts that may arise with system changes
• Assist with and/or lead security scans of the systems and report and analyze findings for impacts
• Review any security findings (CVEs) as noted by outside entities for system impact analysis and how best to proceed with addressing them
• Participate in team TEMs and review future system changes/new features for security impacts
• Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
• Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines
• Participate in creating secure architectures and designs
• Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
• Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements
• Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts
• Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
• Performing vulnerability scanning and analysis of the system
• Perform remediation and develop security implementations based on security findings
• Interface with Information System Security Managers (ISSM) to develop and accredit the system
• Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief management