Principal Cyber Engineer

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Engineering, or a related technical discipline and Nine (9) years or more experience in Information Assurance, Cybersecurity Engineering, or a related discipline; Master’s degree in Cybersecurity, Computer Science, or Engineering with an emphasis on cybersecurity and seven (7) years or more experience. Equivalent work experience may be considered in lieu of a degree.
• 5+ Years of hands‑on experience designing, implementing, or supporting hardened IT systems in classified or high‑security environments
• Must be a U.S. Citizen
• Must have an Active Secret clearance to start
• Must be able to obtain a Top Secret clearance after start
• Proven work with air‑gap architectures, data diodes, and secure offline transfer mechanisms.
• Extensive Knowledge of RMF and ATO processes, including experience in creating, reviewing, and managing RMF documentation (SSPs, POA&Ms, Security Assessment Plans).
• Experience with DoD vulnerability scanning tools (e.g., ACAS, Nessus, SCAP) and compliance with DoD standards, such as DISA STIGs.
• Strong understanding of security baselining, secure configuration management, and continuous monitoring practices.
• Strong scripting/programming skills (Python, Bash, PowerShell, C/C++).
• Experience with hardware security modules (HSM), TPM, and PKI implementation.
• Familiarity with virtualization/containers in secure contexts (VMware ESXi, Hyper‑V, Docker with hardened builds).
• Proven experience in resolving critical security vulnerabilities and supporting accreditation/re-accreditation activities.
• IAM Level II or III certification in accordance with DoD 8570.01-M (e.g., CISSP, CAP, or CISM).

Nice To Haves

• 10+ years of experience supporting DoD/DoN programs, particularly for Navy-focused platforms.
• Hands-on experience with NIWC Pacific or Navy organizations.
• Familiarity with National Information Assurance Partnership (NIAP) and Common Criteria technologies.
• Expertise in drafting and implementing Security Technical Implementation Guides (STIGs) for custom applications.
• Experience working with Configuration Management (CM) teams to manage software artifact delivery.
• Strong analytical and communication skills to interact with multidisciplinary teams and senior leadership effectively.

Responsibilities

• Propose, coordinate, implement, and enforce all DoD/DoN cybersecurity policies, standards, and methodologies for the operational environment (OE), software applications, and government test tools.
• Perform risk assessments in support of RMF lifecycle activities and implement continuous monitoring plans to sustain ATO.
• Assist with annual security reviews, re-authorizations, and compliance with ATO stipulations.
• Conduct vulnerability assessments using tools such as ACAS, SCAP, and other automated tools to ensure compliance with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
• Develop and update cybersecurity baselines, including monthly security patching, system lockdowns, and configuration updates.
• Conduct independent cybersecurity scans and audits to verify the security posture of systems before and after new configurations are implemented.
• Develop Cybersecurity Baseline Test Plans (CSBTP) and Cybersecurity Baseline Test Reports (CSBTR) to document critical patching activities and ensure tested functionality.
• Identify and mitigate security vulnerabilities or programming flaws that could be exploited to compromise system integrity or availability.
• Support the development of test plans and associated documentation (CDRLs) for delivery to Configuration Management (CM) managers and stakeholders.
• Collaborate with CS teams to resolve findings and integrate RMF requirements throughout the system lifecycle.
• Provide technical leadership to other cyber staff, ensuring cohesive execution of cybersecurity efforts and compliance with emerging DoD directives.
• Prepare and deliver documentation—including monthly vulnerability scan reports, risk mitigation strategies, and policy updates—to government stakeholders to achieve mission milestones.
• Identify and refine cybersecurity processes to ensure sustainment of the OE, software applications, supporting tools, and infrastructure.
• Enhance early detection mechanisms by incorporating automated benchmarks and efficient review processes for baseline updates.
• Develop innovative solutions for emerging cybersecurity requirements within DoD/DoN frameworks.