Lead Cybersecurity Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline
• Active TS/SC Security Clearance (US Citizenship required)
• 12+ years of experience in IT Security, Information Assurance and/or Systems Security Engineering
• Experienced navigating and/or implementing security regulatory framework standards e.g. RMF, PCI/DSS,SOX and/or HIPAA
• Experience developing documentation; strong written and oral communication skills
• Comfortability and professionalism presenting to stakeholders
• Knowledge and experience in information systems security
• Knowledge of security system design tools, methods, and techniques
• Ability to harden containers for DoD use
• Experience applying STIGS
• Ability to develop best practices for processes and standards that will improve the system
• Working knowledge of IT security principles and methods
• Knowledge of network identity and access management (e.g.,RBAC/ABAC, Policy-based access)
• Knowledge of DoD/IC system security control requirements
• Knowledge of continuous monitoring practices
• Possesses strong technical skills and analytic ability

Nice To Haves

• Any certifications relevant to system and cyber security
• Experience using the XACTA application
• Experience with Common security tools such as Nessus, WASSP, SECSCN, and/or MBSA
• Experience with task management, metrics collection, and status reporting to management
• Proficient with Google Cloud Platform (GCP) technology
• Demonstrated knowledge/experience in the areas of resource allocation, workload management, and contract management
• Familiarity with the Joint Special Access Program (SAP) Implementation Guide (JSIG)
• Worked or familiar with the operations of a Special Access Program Facility (SAPF)
• Experience developing and/or leading ATO package development

Responsibilities

• Performing the hands-on hardening required for an ATO.
• Executing the Assessment & Authorization (A&A) process in accordance with government requirements.
• Conducting technical evaluation of information systems design, and information security aspects and accreditation.
• Performing vulnerability assessments using standardized tools and best practices (e.g., Nessus, DISA STIGs, CIS Benchmarks, AWS Well Architected Framework) and implementing configuration updates as required.
• Preparing comprehensive security assessment testing documentation to validate applied security controls in support of A&A testing.
• Assessing and mitigating system security threats, risks, and vulnerabilities throughout the program life cycle.
• Participating as a member of a security engineering team designing, developing, implementing, evaluating, and/or integrating security architectures, systems, or components.
• Assisting customer staff in resolving operational security issues involving vendors who support the program.
• Analyzing, modifying when necessary and maintaining the Program’s operational security posture.