Cybersecurity (IA) Engineer
Job Purpose: Responsible for performing tasks to ensure applications, systems and networks satisfy cybersecurity requirements. This includes planning, implementing and maintaining controls to ensuring the availability, integrity, authentication, confidentiality, and nonrepudiation of computers, applications, systems and networks for our customer.
Job Duties Include: The following reflects management’s definition of essential functions for this job but does not restrict the tasks that may be assigned. Management, and/or the customer, may assign additional duties and responsibilities to this job at any time due to reasonable accommodation or other reasons.
- Serve as focal point for information assurance findings.
- Plan, implement and maintain cybersecurity (IA information assurance) activities and controls.
- Perform an assessment of applications and environments to determine the activities needed to meet DOD cybersecurity requirements.
- Remediate system findings across client networks in accordance with USCYBERCOM, DOD guidance, and industry best practices as directed by IAO/M.
- Develop a plan for the required task activities to meet cybersecurity requirements.
- Maintain and monitor:
o Sourcefire IPS systems, analyzing resultant data
o HBSS Systems, analyzing resultant data
- Assess, plan, implement and maintain controls needed to maintain certified and accredited systems in accordance with DODI 8510.01 – Risk Management Framework (RMF), and applicable DOD, NIST, and current industry regulations and standards.
- Analyze systems, networks and applications to identify vulnerabilities, reducing opportunities for breaches and resolving past incidents.
- Ensure project team personnel know and understand issues and tasks related to cybersecurity requirements.
- Establish DOD and NIST compliant administrative/operational, technical, and physical/environmental safeguards to protect systems and data to facilitate the confidentiality, integrity, availability, authentication, and non-repudiation of Government information.
- Ensure that applications and environments comply with all appropriate DOD Security Technical Implementation Guides (STIG), National Security Agency (NSA) guides, and all applicable DOD and accepted industry policies.
- Maintain KG175D to support mission required secure data paths.
- Attend and support cybersecurity meetings with our government client and corporate teams as required.
- Support system security testing, audits and generation of remediation and mitigation plans.
- Inspect environment for vulnerabilities and compliance using manual checklist reviews and automated scanning tools using Government approved products.
- Ensure all categories of sensitive information, including PII, are secured and in compliance with all cybersecurity (IA) Controls from the DODI 8500.2 and Security controls from the NIST SP 800-53.
- Keep current all required cybersecurity training, certification, and tracking requirements.
- Track and ensure project team members have all required current cybersecurity training & certifications.
- Demonstrate to the customer sufficient policies, processes, and resources available to support, develop, and maintain an Incident Response Program.
- Provide support to all security environments and provide anti-virus solutions.
- Remediate systems across multiple networks.
- Perform risk analysis on assigned computer systems and applications for network lifecycle and manage communications with internal/external customers.
- Support weekly and monthly reports on administration and remediation activities.
- Assist in recommending improvements to the environments, processes and documentation.
Skills/Qualifications: Self-Motivated and Self-Monitoring, Exceptional Oral and Written Communications, Technical Communication, Problem Solving, Multi-tasking, Cybersecurity Experience, Security Architecture Design Experience.
Clearance: This position requires an active TS/SCI level of security clearance.
Education and Experience: A Bachelor’s degree in Computer Science, Information Assurance, Information System Security Engineering or a related technical field from an accredited institution is a plus; a minimum of five years of professional experience. If candidate does not have bachelor’s degree, then a minimum of five years of experience in a related field is required. Experience in or work for the U.S. military is also highly desirable. IAM Level II is required at the time of hiring. Experience with the Department of Defense and/or NIST Security Standards for the development of RMF compliant network systems for accreditation by DISA is also highly desirable. Documented experience with Cloud based systems, the implementation of security overlays, and the preparation of authority to connect (ATC) and authority to operate (ATO) documentation is highly desirable.