Senior Cybersecurity Engineer

About The Position

Requirements

• U.S. Citizenship is required.
• Master’s Degree (in Computer Science, Cybersecurity or a related field). Relevant experience may be substituted for the degree.
• 10 Years’ total experience, at least 8 of which is in cybersecurity engineering, architecture or R&D infrastructure.
• Requires a strong understanding of cybersecurity principles, risk management, and secure computing architectures to protect unclassified, collateral, and Special Access Program (SAP) networking environments critical to weapons technology innovation.
• Must have experience implementing and managing cybersecurity controls, conducting vulnerability assessments, and ensuring compliance with DoD security policies.
• Must collaborate closely with network engineers to integrate security into network designs, support DevSecOps initiatives, and maintain a robust security posture across isolated and connected enclaves—all while enabling operational excellence and scientific agility.
• Must hold a DoW 8570/8140 IAT Level III (CISSP, CISM, or equivalent).
• Security+, CEH, or other relevant security certifications is required.
• Expert-level knowledge of cybersecurity principles, risk management, and secure computing architectures.
• Hands-on experience with security tools and technologies, such as SIEM, intrusion detection/prevention systems, vulnerability scanners, and endpoint protection solutions.
• Experience with Host-Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), Nessus, Tenable.sc, Tenable.io, NNM, LCE, Nessus Manager, Agents, and Scanner.
• Experience with scripting (Python, PowerShell) and automation tools (Ansible, Chef).
• Familiarity with Risk Management Framework (RMF), Authority to Operate (ATO) documentation, and enclave compliance management.
• Physically able to lift up to 50 lbs; adaptable to fieldwork and hands-on installations.
• Must have and maintain Secret level Security Clearance and must be Top Secret eligible.
• Must be eligible for Special Access Program (SAP) access.

Responsibilities

• Collaborate with network engineers to architect secure network topologies for current and future connected and isolated environments, ensuring security is embedded in the design phase.
• Design and deploy security solutions for S&T environments that support continuous research, development, and DevSecOps, working closely with network engineers to implement and maintain these solutions.
• Advise on security planning for long-term initiatives, including SDREN integration and the Weapons Technology Integration Center (WTIC) and other facility projects, in conjunction with network planning efforts.
• Develop security innovation roadmaps aligned with mission goals and emerging technologies, coordinating with network engineers to ensure alignment with network modernization efforts.
• Coordinate with facilities, engineering, and network teams to ensure robust infrastructure supports secure research operations, focusing on the security aspects of network hardware/power/cooling needs and structured cabling.
• Lead security aspects of containerization, virtualization, and orchestration of systems to support laboratory computing, HPC, and edge devices, working with network engineers to implement secure configurations.
• Engineer multiple S&T networks security architecture in compliance with NIST 800-series, DoW RMF, DISA Security Technical Implementation Guides (STIGs), and cybersecurity best practices, collaborating with network engineers to ensure seamless integration.
• Review engineering, architecture, and designs to ensure DoW security policies are met.
• Implement DevSecOps pipelines to automate security scans and CI/CD deployments, working with network engineers to integrate security into existing pipelines.
• Manage ATO package development and collaborate with ISSMs, network engineers, and cybersecurity stakeholders to ensure compliance.
• Review and develop RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Integrate identity management and single sign-on solutions across enclaves and hybrid environments, coordinating with network engineers to implement and maintain these solutions.
• Analyze and tune HBSS policies for assets during integration test events.
• Perform verification and troubleshooting across all HBSS modules.
• Install updates to HBSS software as released and in compliance with STIG requirements.
• Monitor HBSS software to ensure that the clients/servers are operational and reporting properly; test and provide software fixes as needed.
• Monitor HBSS for any intrusions or rogues.
• Deploy and maintain security controls for hybrid cloud services and virtualization platforms (e.g., VMware, AWS, Azure), working with network engineers to ensure secure configurations.
• Design and manage security aspects of storage (SAN, EFS, EBS), automation (Terraform, Packer, Ansible), and orchestration (Kubernetes, Docker) solutions.
• Enable secure connectivity between scientific equipment, cloud resources, and virtual desktops, collaborating with network engineers to implement and maintain these connections.
• Monitor system and network security performance using SIEM platforms, intrusion detection systems, and custom dashboards, working with network engineers to correlate data and identify security incidents.
• Monitor Security Information and Event Management (SIEM) and Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) for cloud services.
• Document security architectures, procedures, and system configurations with tools like Lucidchart, Visio, and Confluence, ensuring documentation is aligned with network documentation.
• Maintain system documentation including the ATO and other applicable documents.
• Provide knowledge transfer, mentorship, and technical guidance to engineers and stakeholders on security-related matters, working with network engineers to provide comprehensive guidance.
• Install, configure, and maintain multiple ACAS Security Centers (SC) and ACAS scanners.
• Install updates to Tenable software as released and in compliance with STIG requirements.
• Deploy, maintain, and tune Tenable scanners to meet current and future needs.
• Create, deploy, and manage Tenable scan configurations.
• Ensure that the ACAS scanners and Security Center are operational and reporting properly.
• Perform security compliance and vulnerability assessments specifically developing and applying STIG or CIS baselines for various operating systems, including Windows or RHEL and CentOS.
• Perform analysis of ACAS and SCAP scans along with STIG checklist to develop POAMs.
• Run vulnerability scanning tools, such as Trend Micro, ACAS and other commercial and GOTS.

Benefits

• ESOP participation
• 401(k) match and safe-harbor contribution
• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• flexible spending accounts
• Health Saving Accounts and Health Reimbursement Accounts
• EAP
• education assistance
• paid time off
• holidays