Cybersecurity Engineer

About The Position

Requirements

• Four (4) or more years of experience in IT security, including RMF methodology and A&A.
• Bachelor’s Degree in computer science, cybersecurity, information systems, or other related technical discipline; or Associate’s Degree and six (6) or more years of cybersecurity experience.
• Cybersecurity Workforce (CSWF) Intermediate Level knowledge/skills (IAT Level II), with specific course completion or renewal certificate.
• Exceptional understanding of DOD cybersecurity policies, RMF steps and structure, A&A process, and gaining system authorization to operate (ATO).
• Ability to operate and execute DISA tools, STIG Viewer, eMASSter and a strong familiarity with eMASS functionality.
• Strong communication skills with all levels of the IT workforce and can translate complex technical topics for senior decision-makers. Prepare/deliver presentations to leadership.

Nice To Haves

• Familiarity with Department of the Navy cybersecurity policies, organizations, and missions.
• Cybersecurity Workforce (CSWF) Advanced Level knowledge/skills (IAT Level III).

Responsibilities

• Provide cybersecurity engineering support as part of the system development life cycle (SDLC). Ensure security requirements are integrated into the system architecture, design, development, testing, assessment, authorization, delivery, and sustainment.
• Apply the cybersecurity risk management framework (RMF) to program information systems in accordance with NIST SP 800-37 (RMF for Information Systems and Organizations) and DoDI 8510.01 (RMF for DoD Information Technology).
• Implement the RMF life cycle steps to achieve system authorization and operation. Build, maintain, and track system’s cybersecurity baselines and security authorization documentation to the Enterprise Mission Assurance Support Service (eMASS).
• Provide support to cybersecurity architecture and assessment & authorization (A&A) processes, ultimately leading to Authority to Operate (ATO) decision.
• Identify and employ cybersecurity best practices for the organization. Create a well-informed plan based on DOD and Navy cybersecurity strategy and manage the adaption process. Incorporate security management into hardware, software, and applications.
• Assist Government managers with information security oversight, policy analysis, IT product acquisition, and program execution in accordance with NIST SP 800-39 (Managing Information Security Risk: Organization, Mission, and Information System View) and the DoDI 8500.01 (Defense Cybersecurity Program).
• Engage with Program Office managers and technical stakeholders to interpret technical requirements, standards/policies, architectural artifacts, budget development, implementation, auditing, program briefs, and continuous monitoring.
• Review Assured Compliance Assessment Solution (ACAS) vulnerability scans. Review, analyze and evaluate Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) content for each applicable system component.
• Prepare and review documentation to include Systems Security Plans (SSP), Security Assessment Plans (SAP), Risk Assessment Reports (RAR), A&A packages, and System Requirements Traceability Matrices (SRTMs).

Benefits

• Health/Dental/Vision
• 401(k) match
• Flexible Time Off
• STD/LTD/Life Insurance
• Referral Bonuses
• professional development reimbursement
• maternity/paternity leave