Cybersecurity Systems Engineer
About The Position
General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency. We offer highly competitive benefits and pride ourselves in being a great place to work with a shared sense of purpose. You will also enjoy a flexible work environment where contributions are recognized and rewarded. If who we are and what we do resonates with you, we invite you to join our high-performance team!
Requirements
- Bachelor's degree in Engineering, or a related Science or Mathematics field, plus 1 year relevant experience; or Master's degree.
- Experience executing the RMF lifecycle (NIST SP 800-37) from categorization (FIPS 199/CNSSI 1253) through ATO and continuous monitoring
- Knowledge of NIST SP 800-53; ability to assess implementations, write defensible narratives, and identify gaps
- Experience applying and verifying STIGs across OSes, network devices, databases, and applications using STIG Viewer and SCAP tools
- Experience with ACAS/Nessus; ability to interpret results and drive remediation
- Ability to produce and maintain RMF artifacts (SSPs, SARs, SAPs, RARs, POA&Ms) that satisfy RMF requirements
- Can translate technical findings into risk-informed language for system owners and PMs
- Understanding of system architectures, data flows, boundaries, and how security requirements map to implementations
Nice To Haves
- Experience with Navy RMF implementation, including Navy-specific overlays, NAVSEA processes, and authorization workflows
- Experience with eMASS and VRAM
- Experience with DoD cloud authorization (IL4–IL6), FedRAMP reciprocity, or container security (Kubernetes/OpenShift)
- Relevant certifications: Security+, CISSP, and/or AWS security certs
- Experience with DevSecOps toolchains and security gates in CI/CD pipelines
- Experience supporting SCA evaluations or serving as an ISSE
- Works independently under limited direction across concurrent efforts
- Identifies opportunities to apply AI for continuous improvement and innovation
- Active Secret clearance (or ability to get one within a reasonable amount of time)
Responsibilities
- Shepherd multiple Navy information systems through the full ATO lifecycle (Categorize, Select, Implement, Assess, Authorize, Monitor)
- Build and maintain authorization package artifacts: SSPs, SAPs, SARs, RARs, POA&Ms, architectural diagrams, HW/SW inventories, and continuous monitoring strategies
- Develop, review, and maintain authorization boundary diagrams that clearly delineate system scope, data flows, interconnections, and external interfaces
- Assess and validate NIST SP 800-53 security controls; write control satisfaction narratives with rigor to withstand SCA/AO scrutiny
- Implement and validate STIGs across diverse system components; track findings through resolution or risk acceptance
- Conduct vulnerability scans (ACAS/Nessus, SCAP), interpret results, and translate findings into remediation plans and residual risk determinations
- Manage POA&M items - creation, milestone tracking, risk characterization, and closure with evidence
- Support continuous monitoring including periodic control assessments, ongoing authorization evidence collection, and change-impact analysis
- Integrate security assessment activities into DevSecOps CI/CD pipelines where applicable
Benefits
- highly competitive benefits
- flexible work environment
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
