Cyber Security Engineer (A&A)

The Cyber Security Engineer (A&A) supports Assessment & Authorization (A&A) activities to ensure assigned DoD/DoN systems, enclaves, and networks achieve and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC). This role conducts risk assessments, develops RMF documentation, manages eMASS packages, and performs vulnerability scanning using ACAS. The engineer also serves as an Information Systems Security Officer (ISSO), conducting technical security assessments and recommending mitigation strategies to maintain compliance with DoD and Navy cybersecurity requirements., Assessment & Authorization (A&A) / RMF

• Develop and maintain RMF accreditation artifacts, including:
• Hardware/software inventories
• Network topology diagrams
• PPS, vulnerability management plans
• Incident response and contingency plans
• POA&Ms
• ISCM strategies
• All required DoD/DoN Security Authorization Package documentation
• Conduct cybersecurity control assessments in accordance with DoDI 8500.01, DoDI 8510.01, CNSSI 1253, and NIST SP 800?53.
• Manage and update eMASS records and A&A documentation throughout the lifecycle.

Vulnerability Management & CND

• Perform weekly CND vulnerability scans using ACAS/Tenable in accordance with DoD/DoN standards.
• Upload and track vulnerabilities in the Navy VRAM database.
• Troubleshoot non?compliant scans and generate required reports.

Cybersecurity Operations

• Provide ISSO support, including monitoring, reporting, and responding to cybersecurity incidents.
• Identify system vulnerabilities, non?compliance issues, and recommend mitigation strategies.
• Support Cybersecurity Test & Evaluation (CT&E) and program protection activities.

Policy, Documentation & Collaboration

• Update policies, SOPs, and processes to align with DoD/DoN cybersecurity requirements.
• Prepare daily, weekly, and monthly status reports.
• Collaborate with cross?functional technical teams to ensure network stability and compliance.
• Perform additional duties as assigned by OSC and the Government Contracting Office.

• Active Secret clearance with eligibility for TS .
• DoD 8570 IAT?III or IAM?III certification (CASP+, CISM, CISSP, CCISO, CISA).
• ACAS DISA Training Certificate or documented ACAS/Tenable training.
• Minimum 7 years of hands?on IT/Engineering experience.
• Minimum 2 years of DoN/DoD RMF experience, including completion of a full RMF package from initiation to ATO issuance.
• Expert?level proficiency with eMASS and A&A package development.
• Strong knowledge of DoN/DoD cybersecurity policies, STIGs, ACAS, VRAM, and related tools.
• Experience with firewalls, IDS/IPS, Nessus, SIEMs, and cybersecurity monitoring tools.
• Understanding of networking, telecommunications, OSI model, and multi?team technical collaboration.
• Knowledge of security practices across network, physical, systems, and application layers.
• Experience with Cisco, Linux, Windows, and VMware architectures.
• Excellent written and verbal communication skills., * Bachelor's degree in Information Technology, Cybersecurity, Information Management, or related field.