Cybersecurity Engineer and Risk Analyst

About The Position

Requirements

• 3+ years of experience working with the Information Technology (IT) systems for a DoD or government agency
• 3+ years of experience leading Navy Risk Management Framework (RMF), including Assessment and Authorization (A&A) activities, and the preparation, direct development, and maintenance of RMF artifacts, packages, and deliverables across all steps, including Security Assessment Plans (SAP)
• 3+ years of experience implementing security controls and policies, performing cybersecurity compliance testing using industry standard tools, and performing vulnerability analysis and remediation of networks, systems, and communications protocols
• Experience with operating systems, platforms, and technologies, including Windows, Linux, cloud, or virtualization
• Experience with architecture visualization, and developing and maintaining system artifacts, including Boundary Diagrams and Data Flow Diagrams
• Experience with eMASS, including Security Plan development and hands-on processing of packages through workflows, assisting with generating security policies, evaluating assessment documentation, and developing written security risks, mitigations, and recommendations
• Ability to devise and execute client deliverables, work independently, identify problems and devise analysis and solutions, communicate results to both technical and non-technical audiences, and lead the accomplishments of client tasks from inception to completion
• TS/SCI clearance
• HS diploma or GED
• DoD 8140 Certification

Nice To Haves

• Experience with tools such as Assured Compliance Assessment Solution (ACAS), DoD Security Technical Implementation Guides (STIG), and Evaluate-STIG
• Experience integrating security into DevOps or DevSecOps pipelines
• Experience implementing automation methodologies and processes
• Experience deploying, implementing, maintaining, and integrating cybersecurity tools and applications in alignment with the current threat landscape, and analyzing risks and opportunities at both tactical and strategic levels
• Experience with network engineering functions, including Windows, Linux, and virtual operating systems, security tools, platforms, and technologies, including network and web application firewalls, web proxy, intrusion prevention systems, vulnerability scanners, and penetration tools
• Ability to meet cyber schedule, performance, and quality metrics within the systems development lifecycle and acquisition lifecycle
• Master’s degree
• OS Certification

Responsibilities

• Develop relationships quickly and easily with other teams, communicating the complexities of security with a wide variety of audiences, including senior management.
• Implement infrastructure and cybersecurity controls, including enhanced detection and vulnerability capabilities and improved event correlation in large enterprises.
• Perform risk and vulnerability assessments in network, system, and application areas.
• Leverage big data analytics and traditional security event types to identify advanced threats or indicators of compromise.
• Develop and implement security solutions that will protect our military.
• Troubleshoot and analyze complex challenges for customers using knowledge of cybersecurity policy, networks and system infrastructure, and risk management.
• Research and develop security solutions using knowledge and experience in technology and market trends.
• Assess security threats and implement infrastructure controls using knowledge and experience in ACAS, STIGing, and scanning.
• Champion cybersecurity, discover cyber risks, and provide hands-on support to critical mission areas.
• Develop and maintain system artifacts, including Boundary Diagrams and Data Flow Diagrams.

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program