Cybersecurity Engineer

About The Position

Requirements

• 3+ years of experience with Framework Compliance & Authorization
• 2+ years of experience with Vulnerability & Risk Remediation
• 2+ years of experience utilizing the Risk Management Framework in support of obtaining a Authority to Operate
• 2+ years of experience with Technical Security Assessment
• 1+ years of experience of IaC and CaC development with Terraform and Ansible
• Proficiency in drafting and auditing System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms) that clearly explain risk to non-technical stakeholders
• Ability to "translate" between the developers (who have the data) and the formal cybersecurity leadership (who needs the data).
• Experience translating technical configurations into "audit-ready" evidence for Governance, Risk, and Compliance (GRC) tools like eMASS or ServiceNow.
• Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.
• Experience with Space Force risk management policies/procedures, to include, Fast Track ATO Handbook & AF Continuous ATO Playbook
• Ability to clearly articulate ideas for executive level consumption
• Ability to use prior experience and knowledge to address new situations; especially during interactions with clients
• Ability to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions
• Must have IAT II Certification
• B.A. or B.S. Information Security, Computer Science or related discipline
• US Citizenship and an active Top Secret Security Clearance

Nice To Haves

• Previous experience supporting Department of Defense
• Experience evaluating information security compliance against STIGs

Responsibilities

• Designing, testing, and implementing secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
• Conducting risk and vulnerability assessment at the network, system and application level.
• Conducting threat modeling exercises.
• Developing and implementing security controls and formulating operational risk mitigations along with assisting in security awareness programs.
• Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
• Researching, evaluating and recommending new security tools, techniques, and technologies and introducing them to the enterprise in alignment with IT security strategy.
• Utilizing COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.
• Assisting in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and making recommendations on process tailoring.
• Performing analyses to validate established security requirements and recommending additional security requirements and safeguards.
• Supporting the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Periodically conducting a review of each system's audits and monitoring corrective actions until all actions are closed.
• Supporting cyber metrics development, maintenance and reporting.
• Providing briefings to senior staff.