Cybersecurity Project Engineer

Nightwing provides technically advanced full-spectrum cyber, data operations, systems integration and intelligence mission support services to meet our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization. Nightwing brings disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets. Job Title: Cybersecurity Project Engineer Location: Sterling, VA Clearance: TS/SCI Poly This position is CONTINGENT upon contract award The Cyber Security Project Engineer (CSE) supports the LSA to identify, design, and deploy security controls and subsystems to support the on-premises secure multi­ tenant infrastructure environment (CUSTOMER). The CSE collaborates with the Platform and Operations teams to integrate security controls into the IaaS environment. The CSE discovers and mitigates cybersecurity risks, assess the security controls implemented within and inherited by the system, understand and apply policies to address requests for information on cyber best practices, conduct risk assessments for specialized devices, and provide information system security expertise. Collaboratively works closely with Platform and Operations teams, Sponsor, Information System Security Officers and Managers, as well as the Authorizing Officials (AO) to conduct comprehensive CNSSI 1253 and NIST SP 800-53a assessments of the management, operational, and technical security controls. Daily tasks include, but are not limited to: Work with LSA, technical team to develop template/tools for automating the deployment of security controls in the CI/CD pipeline and the continuous automated/enhanced assessments or O&M of vulnerability scan tools Facilitates meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with team stakeholders. Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans and security plans). Identify and recommend mitigations for potential avenues of exploitation, including system level attacks and user level attacks. Advises and assists with the Lifecycle Assessment and Authorization (A&A) process and development of Systems Security Plan (SSP) Develops and documents security evaluation test plans and procedures Develops SCA artifacts, including the Security Assessment Plan (SAP), Security Assessment Reports (SAR), and Remediation Actions Experience with developing Plans of Action and Milestones (POA&Ms), including providing risk mitigation strategies, steps, and milestones. Conducts hands on security testing, analyzes results, documents risks, and recommends countermeasures Applies working knowledge of Industry Best Practices (e.g. SANS Top 20) National/International policies and standards and how they relate to the A&A process Applies working knowledge of Intelligence Community Information Assurance policies and regulations and how they relate to the A&A process Demonstrated experience testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation