Cybersecurity Engineering Manager

About The Position

Requirements

• Security Clearance: Must possess an active U.S. government TS/SCI security clearance, which only a U.S. citizen can obtain
• Ability to obtain and maintain a JWICS, SAP/SAR clearance
• Education: BS/BA in a related field
• 7-9 years of experience
• Tertiary qualification in Cybersecurity, Computer Science, Engineering, Information Systems, or a related technical discipline
• DODM 8140.03 Cybersecurity Certification (Security+, CEH, CISSP, CISM, C|CISO, etc)
• Minimum 7–9 years’ experience in cybersecurity engineering, assurance, or governance within the Defense sector or another highly regulated technical environment.
• Demonstrated knowledge and practical application of Defense and international cybersecurity standards and frameworks
• Proven experience leading or contributing to cybersecurity risk assessments, security design reviews, and system accreditation activities under Defense security frameworks
• Strong understanding of secure system architectures, information assurance principles, and cyber risk management across the system lifecycle
• Proficiency with cybersecurity management and monitoring tools such as SIEM, vulnerability management platforms, endpoint detection and response, and secure configuration baselines
• Demonstrated knowledge in architecting and managing the Risk Management Framework (RMF) lifecycle, including the authoring and execution of System Security Plans (SSPs) and mission-critical documentation (ISSMP, CCR, SRMP) to secure formal Authorization to Operate (ATO) for Defense programs
• Strong analytical, organizational, and communication skills, with the ability to collaborate effectively across engineering, program management, and customer security teams
• Strong problem-solving skills
• Experience with ATO process and procedures
• Excellent written and verbal communication skills, with the ability to articulate risk posture, trends, and recommendations to diverse audiences
• Working knowledge of Agile, Agile XP, DevOps, and DevSecOps methodologies
• Experience working with version control systems like Gitlab, Jira and Confluence

Nice To Haves

• Experience in Defense acquisition and sustainment programs across the capability lifecycle, with emphasis on cyber and information assurance requirements
• Knowledge of the Australian Government Information Security Manual (ISM), DISP cyber security controls, and international standards such as ISO/IEC 27001 and NIST SP 800-171
• Experience leading or mentoring cybersecurity professionals, engineers, or small teams in secure system design, implementation, and assessment
• Familiarity with digital engineering environments, secure system architectures, and integration of cybersecurity with model-based systems engineering (MBSE) frameworks
• Experience in assessing, implementing, and continuously improving cybersecurity controls, monitoring systems, and risk management processes within Defense or critical infrastructure systems
• Exposure to contract, accreditation, and compliance management, including reporting to Commonwealth, Prime, or international Defense clients on cybersecurity assurance and risk posture

Responsibilities

• Securing enterprise network boundaries by managing firewalls, enforcing strict access management, and monitoring high-volume data traffic for anomalies
• Performing analysis at all levels of the lifecycle, ensuring security posture is maintained from initial conceptualization through decommissioning
• Using encryption technology, penetration and vulnerability analysis of various security technologies, and conducting information technology security research
• Helping to direct end-to-end security operations that may include Risk Management Framework (RMF) Assessment & Authorization (A&A)
• Supporting Certificate to Field (CtF) activities Incident Response (IR) Disaster Recovery (DR)
• System hardening Defining security requirements Vulnerability scanning, research and testing
• Providing analytical support for development of the system security policy
• Modernizing legacy infrastructures by integrating cloud native architecture and Zero Trust security features
• Making changes to security blueprints and artifacts
• Providing architectural analysis of cyber security features and relating existing system to future needs and trends
• Embedding advanced forensic tools and techniques for attack reconstruction
• Providing engineering recommendations, and resolving integration and testing issues
• Analyzing and solving complex problems, which may include taking new perspectives to identify and recommend solutions/best practices
• May be required to advise multi-disciplinary teams or run projects