Cyber Systems Engineer

Cortina Solutions•Colorado Springs, CO

2d•Onsite

About The Position

Cortina Solutions, LLC is seeking a Senior Principal Cyber Engineer in Colorado Springs, Colorado, to support our mission critical Government customer. As the Cyber Engineer, you will perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments. Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems. This includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits. Assist in the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed. Work with small teams and interface with customers and senior managers, focused on the Operations & Sustainment of several interconnected network. Understand and work with systems engineering processes, Agile development, and DevOps is essential for mission success. Assist in the implementation of the required government policy to make recommendations on project tailoring, participate in and document project activities. Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards. Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports. Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M. You will periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.

Requirements

Bachelor's Degree in STEM discipline with 5 years of experience in information assurance/cyber engineering OR Master's degree in STEM discipline with 3 years of experience in information assurance/cyber engineering
An active TS/SCI with Polygraph
CompTIA Security+ or other 8570 approved certification
Position is Mon - Fri: may require on-call, evening, and weekend support during system anomalies and or mission requirements
Experience with Risk Management Framework (RMF) process, and DoD Security Technical Implementation Guides (STIGs)
Experience documenting Standard Operating Procedures (SOPs) and continuous monitoring (ConMon) activities
Experience with the configuration and operation of the following: DISAAutomated Security Compliance Assessment Solution (ACAS) - Tenable Security Center/Nessus, Endpoint Security Solutions (ESS/HBSS) and McAfee Endpoint tools, Splunk SCCM, SCAP Compliance Checker, and Xacta
Experience in Server System Administration and troubleshooting analysis in some or all the following platforms: Linux, Windows servers/clients, and Oracle/SQL Databases

Nice To Haves

9 years of experience as a Cybersecurity Analyst with strong working knowledge and understanding of Cyber technologies, Risk Management Framework (RMF) process
9 years of experience with configuration and operation of the following: DISAAutomated Security Compliance Assessment Solution (ACAS) - Tenable Security Center/Nessus, Endpoint Security Solutions (ESS/HBSS) and McAfee Endpoint tools, Splunk SCCM, SCAP Compliance Checker, and Xacta
Experience collaborating in a team environment with other highly motivated system and network engineers
Experience designing, implementing, and maintaining Active Directory and Group Policy for Windows 10 and Server 16
Experience designing, implementing, and maintaining system backups
Experience hardening server and client systems using DoD STIGS
Experience or understanding in serial communication
Experience using and/or maintaining Atlassian applications: Jira, BitBucket, Confluence, Bamboo
Experience designing/implementing/maintaining a Continuous Integration environment
Experience and knowledge of Juniper network design and testing methodologies using Juniper routers, switches, and firewalls
Experience in protocol analyzers and sniffers capabilities (e.g., Wireshark), and Network Management Systems (e.g., SolarWinds) or NAS/SAN technologies (e.g., NetApp)

Responsibilities

Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.
Establish strict program control processes to ensure mitigation of risks and support obtaining certification and accreditation of systems.
Assist in the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities.
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M.
Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.
Work with small teams and interface with customers and senior managers, focused on the Operations & Sustainment of several interconnected network.
Understand and work with systems engineering processes, Agile development, and DevOps is essential for mission success.
Assist in the implementation of the required government policy to make recommendations on project tailoring, participate in and document project activities.
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M.
Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.