The cybersecurity engineer will be responsible for identifying, implementing, assessing, and managing cybersecurity capabilities and services, and for providing leadership, team coordination, and subject matter expertise in preparing Certification and Accreditation (C&A) and/or Assessment and Authorization (A&A) packages, leveraging the C&A/A&A process steps as a means for system authorization. This includes generating DIACAP and/or RMF accreditation packages and artifacts; planning and executing security test and evaluation (ST&E); analyzing test results; drafting Risk Assessment Reports (RARs), C&A Plans, Plans of Action and Milestones (POAMs), Security Assessment Reports (SARs), and Security Assessment Plans (SAPs); conducting required vulnerability analysis to support mitigation and residual risk determination; and eMASS data entry. The cybersecurity engineer must have experience performing vulnerability scans on various operating systems using approved DISA tools. Experience with UNIX/Linux is preferred. The cybersecurity engineer shall provide security-related advice and assistance to system engineers and program managers, and shall develop security-related procedures, policies, and technical recommendations, as required. The cybersecurity engineer must possess the excellent customer service and communication abilities needed to create and present oral and written briefs, along with strong problem-solving skills.
- Must have 4+ years of IA/cybersecurity experience, with a minimum of 4 years direct Defense Information Assurance Certification and Accreditation Process (DIACAP) and/or Risk Management Framework (RMF).
- Must be familiar with eMASS and C&A/A&A package entry.
- High degree of knowledge of DoD 8510.01 and the Department of Navy DIACAP Handbook, and experience developing Certification and Accreditation (C&A) documentation.
- Knowledge of DoD 8500 Series Policies (DoDD 8500.1, DoDI 8500.2, DoD 8500.01, DoDI 8510.01 (DIACAP and RMF)), CNSSI 4009, NIST SP 800-53 Security Control Catalog, CNSS 1253, CNSSI 1253, and NIST Special Publication (SP) 800-53.
- Review security requirements, products, configurations and cybersecurity architectures for compliance with DoD policies. Development and execution of C&A schedules and documentation.
- Development and execution of security test plans and assessing the cybersecurity risk of IT systems.
- Participate in collaboration meetings; act as a trusted agent to program managers and cybersecurity practitioners and track critical cybersecurity processes. Experience in assessing a network and/or systems using cybersecurity automated tools such as Nessus, SCAP, and any applicable Security Technical Implementation Guides (STIGs) in accordance with DISA requirements.
- ACAS, VRAM, HBSS and WSUS familiarity.
- Must be able to communicate with personnel and clients effectively.
- DoD Security Clearance required.
- A bachelor's degree from an accredited college or university in a related discipline is required. Four (4) additional years of experience in cybersecurity and IA may be substituted in lieu of a degree. Must hold, at a minimum, an approved IAM Level II certification as identified in DoD 8750.
Job Code: 484