Cyber Security Systems Engineer

The Pennsylvania State University
San Diego, CA
14h
Onsite

About The Position

We are searching for a self-motivated Cyber Security Engineer to join our Joint Mission Integration and Experimentation (JMIE) Division within the Information Advantage Office of the Applied Research Laboratory (ARL) at Penn State. The JMIE Division provides special communications capabilities and experimentation networks supporting:

  • Advance command and control across the Department of War
  • Cross domain solutions to support data transfer across experimental networks and impact levels
  • Advanced computer tactical systems that deliver edge data processing and machine automation

ARL is an authorized DoD SkillBridge partner and welcomes all transitioning military members to apply.

You will:

  • Define, communicate, and implement cybersecurity architecture and administration processes for cloud environments across multiple network domains
  • Collaborate across our cloud infrastructure delivery team and with stakeholders using an Agile process to ensure design, implementation, verification, and continuous monitoring of cloud solutions across multiple domains
  • Develop Risk Management Framework (RMF) Body of Evidence artifacts, including system security plans and cybersecurity concept of operations documents operating within Cloud environments in alignment with existing RMF packages
  • Apply secure software engineering methodologies, security engineering principles, secure design and secure coding techniques along with the control selection, configuration and operation of applicable tools, including static analysis and dynamic analysis together with supporting processes. This includes testing of the system security requirements implementation across infrastructure to ensure security control validation as well as functionality
  • Perform application security assessments in a DevSecOps continuous integration and continuous deployment (CI/CD) environment in support of client cybersecurity efforts
  • Perform activities, including assessment planning, analysis, and reporting
  • Employ best practices when implementing security controls, secure architecture and design to include software engineering methodologies, security engineering principles, secure design and secure coding techniques along with the control selection, configuration and operation of applicable tools, including static analysis and dynamic analysis together with supporting processes. This includes testing of the system security requirements implementation across infrastructure to ensure security control validation as well as functionality
  • Coordinate, generate, and oversee RMF documentation for the successful accreditation of multiple cloud environments, including the Cyber Security Strategy and Continuous Monitoring Plans as well as overall program lifecycle RMF requirements to include but not be limited to patch management, supply chain, change and defect management
  • Mentor and supervise team members, as needed

Additional responsibilities for the higher level position include:

  • Interface with Information System Security Officers (ISSO) and Information System Security Managers (ISSM), including reviewing documentation, systems security plans (SSPs), risk assessment reports, accreditation packages, and Plan of Actions and Milestones (POA&Ms)
  • Work independently to develop RMF A&A documentation and artifacts to obtain RMF Authority to Operate (ATO)

Requirements

  • Multiple years of experience with developing Risk Management Framework (RMF) products and working through system accreditations to ensure RMF implementation across multiple environments
  • Experience in security focused system design that can be scalable across multiple domains while accounting for security requirements across multiple system architectures
  • Background providing subject matter expertise in a cyber domain, including vulnerability management and assessment, scanning tools, and assessing system compliance with security controls
  • Versed in reviewing policy, planning compelling evidence documents, and writing test results for NIST 800-53 / JSIG Security Controls and Assessment Procedures
  • Active TS/SCI security clearance

Nice To Haves

  • Delivering configuration management (CM) for information system security software, hardware, and firmware
  • Past experience as a System or Network Administrator
  • Work experience with Windows and Linux environments
  • Ability to analyze technical and policy documentation for DoD organizations
  • Developing training materials in compliance with DoD or DON RMF process training
  • Experience with eMASS, ACAS and applying STIGs
  • Governance, Risk, and Compliance (GRC), CISM, CCISO, CISSP, GIAC, GSLC, or CASP+ Certification

Responsibilities

  • Define, communicate, and implement cybersecurity architecture and administration processes for cloud environments across multiple network domains
  • Collaborate across our cloud infrastructure delivery team and with stakeholders using an Agile process to ensure design, implementation, verification, and continuous monitoring of cloud solutions across multiple domains
  • Develop Risk Management Framework (RMF) Body of Evidence artifacts, including system security plans and cybersecurity concept of operations documents operating within Cloud environments in alignment with existing RMF packages
  • Apply secure software engineering methodologies, security engineering principles, secure design and secure coding techniques along with the control selection, configuration and operation of applicable tools, including static analysis and dynamic analysis together with supporting processes. This includes testing of the system security requirements implementation across infrastructure to ensure security control validation as well as functionality
  • Perform application security assessments in a DevSecOps continuous integration and continuous deployment (CI/CD) environment in support of client cybersecurity efforts
  • Perform activities, including assessment planning, analysis, and reporting
  • Employ best practices when implementing security controls, secure architecture and design to include software engineering methodologies, security engineering principles, secure design and secure coding techniques along with the control selection, configuration and operation of applicable tools, including static analysis and dynamic analysis together with supporting processes. This includes testing of the system security requirements implementation across infrastructure to ensure security control validation as well as functionality
  • Coordinate, generate, and oversee RMF documentation for the successful accreditation of multiple cloud environments, including the Cyber Security Strategy and Continuous Monitoring Plans as well as overall program lifecycle RMF requirements to include but not be limited to patch management, supply chain, change and defect management
  • Mentor and supervise team members, as needed
  • Interface with Information System Security Officers (ISSO) and Information System Security Managers (ISSM), including reviewing documentation, systems security plans (SSPs), risk assessment reports, accreditation packages, and Plan of Actions and Milestones (POA&Ms)
  • Work independently to develop RMF A&A documentation and artifacts to obtain RMF Authority to Operate (ATO)

Benefits

  • Penn State provides a competitive benefits package for full-time employees designed to support both personal and professional well-being.
  • In addition to comprehensive medical, dental, and vision coverage, employees enjoy robust retirement plans and substantial paid time off which includes holidays, vacation and sick time.
  • One of the standout benefits is the generous 75% tuition discount, available to employees as well as eligible spouses and children.