We have a new opportunity for a talented Lead Cybersecurity Engineer. This individual will be responsible for integrating cybersecurity controls into the system architecture in accordance with all mandatory directives and instructions to achieve and maintain the DoD cybersecurity assessment and authorization (A&A) for the systems.
Responsibilities to include:
- Responsible for the application of Information Assurance (IA) controls through a disciplined systems engineering approach during the design, development, testing, upgrade, modification, and fielding of system updates.
- Ensure that cybersecurity controls are addressed during the operation, maintenance, and decommissioning of the systems.
- Continuously monitor, report, and respond to any changes to the system that may impact the system’s security posture.
- Monitor and assess security controls in the system on an ongoing basis to include assessing security control effectiveness, documenting changes to the system or environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system.
- Ensure that all IA-enabled products are in compliance with Common Criteria and National Information Assurance Partnership (NIAP).
- Perform automated code reviews in accordance with requirements.
- Utilize the results of automated code reviews in the software development process to mitigate or eliminate identified issues.
- Prepare and maintain cybersecurity documentation to obtain and maintain an Authority to Operate (ATO) and Authority to Connect (ATC) for the Risk Management Framework (RMF).
- Ensure that cybersecurity documentation accurately reflects the current system configuration and architecture at all times.
- Utilize IA tools to deliver, maintain, and review A&A documentation and workflow.
- Complete Annual Security Reviews, Annual Security Control testing, Annual Contingency Plan testing, and submission of quarterly POA&M updates in compliance with the Federal Information Security Management Act (FISMA).
- Generate reports of all active system user accounts and user account permissions upon request.
- Prepare agenda and minutes for monthly Plan of Action and Milestones (POA&M) review of Cybersecurity status.
- Ten (10) years of Cybersecurity/Information Assurance experience
- Experience with IA Tools (i.e. MCCAST, eMASS)
- Experience with HP Fortify
- Experience with/knowledge of NIAP and FISMA requirements
- Experience with Windows Server or Linux environments.
- Experience with virtualization and system consolidation
- Solid networking knowledge
Education, Certificates, Licenses Required
- Bachelor’s degree in Computer Science, Information Technology, Engineering or a related subject
- Secret clearance
- At least one of the following Certifications: