Cybersecurity Engineer, Principal

About The Position

Requirements

• Current Top Secret security clearance is and therefore all candidates must be a U.S. Citizen
• Master’s degree in Cyber Security , Information Security Engineering, mathematics, or a related field ( Educational requirements may be adjusted for applicable work experience.)
• Current DoD 8570 IAT II certification
• Knowledge of implementation and security levels and roles necessary for successful cloud deployment
• Must have recent RMF and ATO experience
• Must have extensive experience in Cyber Security Tools, network topologies, intrusion detection, PKI, and secured networks
• Minimum of 6+ years experience in designing and implementing systems that meet agency Cyber Security policy and regulations. (Work experience may be adjusted for highly specialized knowledge or uniquely applicable experience.)
• Knowledge of Risk Management processes and methodologies
• Experience developing RMF documentation and artifacts (e.g., PPS, design diagrams, SOPs, POA&Ms, etc.)
• Experience in network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Good verbal and written communication skills

Nice To Haves

• Current DoD 8570.01 IAT III certification
• Experience with AWS and cloud architecture design
• Experience with security tools and devices, including network firewalls, web proxy, intrusion prevention systems, vulnerability scanners, or penetration tools, or object-oriented programming languages, including Java or Python

Responsibilities

• Work closely with system designers, operators, as well as industry to design security into products, develop new standards, and highlight requirement gaps
• Design and conduct risk assessments to ensure capabilities are integrated properly without threat to the systems’ security posture
• Generate cybersecurity functional requirements during design reviews and support the agile development of systems and capabilities
• Develop and execute, security-centric test and evaluation procedures and document results
• Troubleshoot and investigate system configurations, patches, security scan findings
• Identify and update security and virus scan definitions to determine integration strategies and baseline impacts
• Review Security Technical Implementation Guide (STIG) findings and ensure all systems and capabilities remain compliant
• Provide support to the Assessment and Authorization (A&A) Risk Management Framework (RMF) with processes established in DOD Instruction 8510.01 on all client managed systems, to ensure the valid and accurate review of all associated documentation
• Develop and review certification and accreditation documents
• Develop and review RMF artifacts (e.g., System Security Plan (SSP); Ports, Protocols and Services (PPS); and Accreditation Boundary diagrams)

Benefits

• medical
• dental
• vision
• paid time off
• 401(k)
• life insurance
• flexible work schedules
• holidays