Senior Principal Cyber Security Engineer

Cubic Corporation, Ashburn, VA
29d · Onsite

About The Position

The candidate will join a cross-functional security team responsible for the security posture of commercial software products supporting DoD missions, software development environments for new product development, and maintaining regulatory compliance for business and information systems infrastructure. The role involves working both independently and within a team (with reach-back support available), using sound judgment to guide organizational entities through security frameworks, assessments, remediations, and improvements. The candidate will collaborate with emerging product development teams, ensuring that security requirements are prioritized equally with functional requirements. Additionally, there will be opportunities to work on secure architectures, security procedures, and tests for newer technologies, including containers, Kubernetes, and service meshes. Candidates must demonstrate critical thinking and problem-solving skills under limited supervision. They should adhere to engineering standards for developing testable, maintainable, and well-documented security practices in line with Agile development methodologies, tools, and release processes.

Requirements

  • Four-year degree in a relevant discipline, and/or the combined equivalent of experience and education.
  • Candidates must have Secret security clearance.
  • Candidates should possess 10 years of professional experience in cybersecurity, software engineering, network engineering, computer science, computer engineering or a related discipline.
  • Any DoD 8570 security certifications: CompTIA Security+, EC-Council CEH, (ISC)2 CISSP, SANS GIAC cert, CAP, CND, Cloud+, GSLC, HCISPP, etc.
  • Candidate must be able to prioritize work, complete multiple tasks and work within deadlines.
  • Candidate must be adept in both verbal and written communication.
  • Candidate must be responsible, organized, and leverage logical thought processes and work methods.
  • Candidate should have the ability to produce technical writing artifacts describing security assessments, findings and remediation actions.
  • Candidate should possess strong analytical and problem-solving skills.
  • Candidate should possess strong interpersonal and team-oriented skills.
  • Candidate should be comfortable working in both remote and in-office environments.
  • Moderate to Expert understanding of Unix/Linux-based operating systems (RedHat, CentOS, Rocky, Ubuntu, etc.).
  • Moderate to Expert understanding of NIST frameworks and security assessments.
  • Moderate to Expert demonstrable knowledge of some security tools (e.g., ACAS, Grype, Nessus, Nmap, Prisma, Wireshark, OWASP ZAP, etc.).
  • Moderate to Expert knowledge of virtualized environments.
  • Moderate to Expert experience supporting software development teams and environments.
  • Moderate to Expert understanding of Information Assurance and security requirements as they apply to the Department of Defense (IA controls, NIST, STIGs, etc.).

Nice To Haves

  • Experience with various agile tools such as Jira and Confluence.
  • Experience developing and performing security assessments and/or accreditation packages.
  • Moderate to advanced demonstrable knowledge of security tools.
  • Experience implementing CIS benchmarks or DoD STIGs.
  • Experience with automation and/or containerization technologies.
  • Advanced understanding of Information Assurance and security requirements as they apply to the Department of Defense (IA controls, NIST, STIGs, etc.).
  • Experience with SAFe / Agile concepts and methods.
  • Experience working with database technologies like PostgreSQL and Redis.
  • Experience with public cloud systems like Amazon Web Services, MS Azure, Heroku, etc.
  • Have a TS clearance with SCI eligibility.

Responsibilities

  • Identifies, investigates and resolves technical issues.
  • Works under general direction within a clear framework of accountability and exercises substantial personal responsibility and autonomy.
  • Strong verbal, written communications and interpersonal skills; ability to interact professionally with internal and external customers, and technical and non-technical persons.
  • Conduct tool-assisted vulnerability and compliance assessments for production network environments and product deliveries and work with relevant personnel to resolve findings.
  • Support program personnel with pre-customer-delivery security activities and artifacts.
  • Keep NIST 800-171 documentation up to date.
  • Partner with software engineers to remediate security findings.
  • Maintain security assessment environments and tools.
  • Support program personnel in keeping product-relevant security scans, documentation, and reports up to date.
  • Support and improve continuous monitoring activities for development networks.

Benefits

  • Cubic offers medical, dental and vision insurance, company-paid disability (company continues full pay and benefits for up to six weeks), life insurance options, critical illness and accident coverages, Flexible Spending Accounts, a pre-paid legal plan, travel accident insurance, an award-winning well-being program which includes an employer-funded lifestyle spending account, up to six weeks of paid parental leave, and a 401k Retirement Plan with a company match.
  • Employees can also take advantage of backup childcare, pet care, pet insurance, virtual tutoring, and a tuition reimbursement program.
  • Many locations follow a 9/80 work schedule with time-off policies to help encourage employees to take time for rest and relaxation.
  • Full-time salaried employees are eligible to participate in Cubic’s flexible time-off arrangement.
  • Part-time and hourly employees accrue paid time-off (PTO)/Sick leave at a rate of 5.23 hours bi-weekly.
  • Lastly, Cubic provides its employees 11 paid holidays throughout the calendar year.