Cyber Security Engineer 3

Support multiple task orders under the DOMEX Technology Platform contract supporting NMEC by designing, developing, and implementing secure systems in on-premises infrastructure and integrating security across the system lifecycle., * Support the secure architecture, design, and implementation of DoD systems in accordance with DoDI 8510.01, NIST SP 800-53, and other DoD security guidance.

• Lead integration of RMF activities into the SDLC, including selection, implementation, and validation of security controls.
• Develop and maintain SSPs, SARs, risk assessments, and POA&Ms.
• Apply STIGs and validate compliance using SCAP, STIG Viewer, and ACAS.
• Maintain scanning infrastructure and analyze vulnerabilities for mitigation or risk acceptance.
• Support system authorization, incident response, forensics analysis, and security automation efforts.

• Active TS/SCI with ability to obtain a CI Polygraph.
• Bachelor's degree with a minimum of six years of experience in the category field. Three additional years of experience may be substituted for the bachelor's degree.
• At least one DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE.
• Developer experience preferred in at least one scripting or programming language.
• Experience reviewing cybersecurity vulnerabilities for risk and relevance and building mitigation/remediation plans across systems, network, application, and database vulnerabilities.
• Ability to architect, design, troubleshoot, maintain, and deploy vulnerability scanning solutions such as OWASP, Fortify, SonarQube, and Tenable.
• Experience with XACTA, eMASS, or similar tools.
• Strong understanding of Microsoft Windows and Linux/UNIX operating systems.
• Experience with middleware/web technologies, databases, TCP/IP networking, and CI/CD platforms.
• Familiarity with NIST 800-171, 800-172, NIST SSDF, CMMC, and CNSSI 1253.
• Experience supporting DoD/IC systems through the RMF+ process.

Preferred Qualifications

• Software development experience with Python, Java, or React.
• Experience successfully achieving ATO under RMF+.
• Experience with big data applications.
• Experience with GitLab, Jira, and Confluence.
• Experience in Agile environments.
• Experience with OIDC or OAuth2.
• Experience with Kubernetes, Rancher, Strimzi, Cloudera, Active Directory, and scripting languages such as Bash, Python, or PowerShell.

Required Education and Experience Equivalency

Education Years of Experience High School Diploma/GED 9 Associates Degree 9 Bachelors' Degree 6 Masters' Degree 6 PhD 6 Required Certifications

• One DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE.

Required Security Clearance

• Active TS/SCI with ability to obtain a CI Polygraph.

• Competitive fixed salary or hourly pay (based on experience, skills, location, and internal equity).
• Employee referral bonuses up to $10,000 per hired referral.
• Additional bonus opportunities for exceptional performance and contributions to business development and company growth (role-dependent).

Health

• 100% company-paid medical premiums for employees and eligible dependents.
• Choose from multiple plan options with CareFirst, Kaiser, and UnitedHealthcare, including PPO, POS, HMO, and HSA-compatible plans.
• 100% company-paid dental premiums for employees and eligible dependents.
• 100% company-paid vision premiums for employees and eligible dependents.

Income Protection

• 100% company-paid premiums for short-term disability.
• 100% company-paid premiums for long-term disability.
• 100% company-paid premiums for accidental death & dismemberment (AD&D).
• 100% company-paid premiums for life insurance up to $200,000.

Retirement

• 401(k) with immediate vesting: 4% company match plus a 4% non-elective company contribution (8% total).
• 401(k) pre-tax and Roth options.

Leave

• Up to 20 days of flexible paid time off (PTO).
• 11 paid floating holidays.

Work-Life Balance

• Flexible work schedules, including flex time and compressed work periods (contract and project-dependent).