Cybersecurity Engineer

About The Position

Requirements

• Four (4) or more years of experience in IT security, including RMF methodology and A&A.
• Bachelor’s Degree in computer science, cybersecurity, information systems, or other related technical discipline; or Associate’s Degree and six (6) or more years of cybersecurity experience.
• Cybersecurity Workforce (CSWF) Intermediate Level knowledge/skills (IAT Level II), with specific course completion or renewal certificate.
• Exceptional understanding of DOD cybersecurity policies, RMF steps and structure, A&A process, and gaining system authorization to operate (ATO).
• Ability to operate and execute DISA tools, STIG Viewer, eMASSter and a strong familiarity with eMASS functionality.
• Strong communication skills with all levels of the IT workforce and can translate complex technical topics for senior decision-makers.
• Prepare/deliver presentations to leadership.
• Secret Clearance required

Nice To Haves

• Familiarity with Department of the Navy cybersecurity policies, organizations, and missions.
• Cybersecurity Workforce (CSWF) Advanced Level knowledge/skills (IAT Level III).

Responsibilities

• Provide cybersecurity engineering support as part of the system development life cycle (SDLC).
• Ensure security requirements are integrated into the system architecture, design, development, testing, assessment, authorization, delivery, and sustainment.
• Apply the cybersecurity risk management framework (RMF) to program information systems in accordance with NIST SP 800-37 (RMF for Information Systems and Organizations) and DoDI 8510.01 (RMF for DoD Information Technology).
• Implement the RMF life cycle steps to achieve system authorization and operation.
• Build, maintain, and track system’s cybersecurity baselines and security authorization documentation to the Enterprise Mission Assurance Support Service (eMASS).
• Provide support to cybersecurity architecture and assessment & authorization (A&A) processes, ultimately leading to Authority to Operate (ATO) decision.
• Identify and employ cybersecurity best practices for the organization.
• Create a well-informed plan based on DOD and Navy cybersecurity strategy and manage the adaption process.
• Incorporate security management into hardware, software, and applications.
• Assist Government managers with information security oversight, policy analysis, IT product acquisition, and program execution in accordance with NIST SP 800-39 (Managing Information Security Risk: Organization, Mission, and Information System View) and the DoDI 8500.01 (Defense Cybersecurity Program).
• Engage with Program Office managers and technical stakeholders to interpret technical requirements, standards/policies, architectural artifacts, budget development, implementation, auditing, program briefs, and continuous monitoring.
• Review Assured Compliance Assessment Solution (ACAS) vulnerability scans.
• Review, analyze and evaluate Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) content for each applicable system component.
• Prepare and review documentation to include Systems Security Plans (SSP), Security Assessment Plans (SAP), Risk Assessment Reports (RAR), A&A packages, and System Requirements Traceability Matrices (SRTMs).

Benefits

• Health/Dental/Vision
• 401(k) match
• Paid Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• parental leave