Cybersecurity Engineer

New Venture Research Corporation
Honolulu, United States of America
30 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 145K

Job location

Honolulu, United States of America

Tech stack

Audit Trail
CompTIA Security+
Computer Security
Computer Engineering
Networking Hardware
Information Systems Security Architecture Professional
Virtual Desktops
Network administration
NIPRNet
Security Information and Event Management
Software Vulnerability Management
Information Security Management System
Information Technology
Nessus
Scap Compliance Checker
Network Server
Vulnerability Analysis

Job description

The Cybersecurity Engineer is a mid-level cybersecurity professional responsible for managing and maintaining the cybersecurity posture of a Department of Defense (DoD) virtual desktop environment at a fixed facility in the Honolulu, HI area. This position is the primary cybersecurity subject matter expert for the program, with a focus on Risk Management Framework (RMF) compliance, Authorization to Operate (ATO) maintenance, STIG implementation oversight, vulnerability management, and continuous monitoring. Working under the direction of the IT Site Lead, the Cybersecurity Engineer ensures the system meets all applicable DoD IA/cybersecurity requirements and supports the program's ability to maintain an active, compliant ATO.

Key Responsibilities

RMF & ATO Management

Serve as the primary RMF practitioner for the program; manage all aspects of the system's ATO lifecycle including initial authorization, continuous monitoring, and reauthorization.

Develop, maintain, and update the system's RMF package in eMASS including System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and supporting artifacts.

Coordinate with the Authorizing Official (AO), SCA, and ISSM/ISSO representatives to support assessment activities and ATO decisions.

Track and manage all open POA&M items; coordinate with System Administrators, Network Administrators, and Engineers to drive timely remediation.

Ensure all system changes are assessed for security impact and processed through the appropriate change management and RMF review process.

Prepare and deliver required cybersecurity status reports and briefings to the IT Site Lead, OIC, and company leadership.

STIG Compliance & Vulnerability Management

Oversee and coordinate implementation of applicable STIGs across all system components including servers, workstations, network devices, and applications.

Conduct and coordinate vulnerability scanning using ACAS/Nessus and SCAP Compliance Checker; analyze results and prioritize remediation efforts.

Track STIG findings and vulnerability scan results; maintain accurate and current compliance documentation in eMASS.

Develop and maintain a vulnerability management program including scanning schedules, remediation timelines, and reporting cadence.

Review and validate STIG implementation by System Administrators and Network Administrators; provide technical guidance on remediation approaches.

Continuous Monitoring

Implement and manage the system's continuous monitoring strategy in accordance with NIST SP 800-137 and DoD continuous monitoring requirements.

Oversee audit log collection, review, and analysis; ensure anomalies and indicators of compromise are identified, documented, and escalated appropriately.

Ensure audit log retention practices comply with applicable DoD policies and ATO conditions.

Monitor threat intelligence feeds and security advisories; assess applicability to the system environment and coordinate response actions.

Conduct and coordinate periodic security control assessments to validate ongoing effectiveness of implemented controls.

Incident Response & Security Operations

Lead or support cybersecurity incident detection, response, and reporting in accordance with DoD incident response requirements.

Coordinate with the Site Lead, OIC, and appropriate DoD reporting channels for cybersecurity incidents and reportable events.

Develop, maintain, and exercise the system's incident response procedures.

Provide cybersecurity guidance and awareness to all team members.

Policy, Guidance & Training

Develop and maintain cybersecurity SOPs, policies, and guidance documents applicable to the system.

Provide cybersecurity training, awareness, and technical mentorship to system administrators and other technical staff.

Stay current with DoD cybersecurity directives, DISA guidance, and NIST publications; assess impact on the program and recommend policy updates., Normal operating hours are 0600-1800 local time. Extended or surge hours may be required in support of exercises or real-world operations. Schedule coordination is managed by the IT Site Lead.

Requirements

Do you have experience in Vuls?, Do you have a Bachelor's degree?, Demonstrated experience managing ATO packages in eMASS including SSP, SAR, and POA&M development and maintenance.

Proficiency with ACAS/Nessus, SCAP Compliance Checker, and DISA STIG Viewer.

Strong working knowledge of NIST SP 800-53, NIST SP 800-37, DoDI 8510.01, and applicable DoD cybersecurity policy.

DoD 8570/8140 IAT Level II compliance required minimum; IAT Level III or IASAE Level II strongly preferred.

Required certifications (one or more): CompTIA Security+ CE (minimum/IAT II), CISSP, CAP, CASP+ CE, or equivalent IAT III/IASAE II certification.

Preferred Qualifications

CISSP (Certified Information Systems Security Professional) strongly preferred.

CAP (Certified Authorization Professional) or equivalent RMF-specific certification.

Experience as an ISSO or supporting ISSO/ISSM functions in a DoD program.

Experience with continuous monitoring tools and SIEM platforms in a DoD environment.

Familiarity with VDI environment cybersecurity considerations and applicable STIGs.

Experience with DoD classified network environments (SIPRNet/NIPRNet).

Experience supporting operational military environments including exercises or real-world operations.

Required Education and Length of Experience

Bachelor's degree in Cybersecurity, Computer Engineering, Computer Science, Information Technology, or other related field

3+ years of experience in cybersecurity with direct, hands-on RMF experience in a DoD environment., This role will begin in July 2026. Candidates must be local to the site ready to begin work at that time.

U.S. Citizenship Requirements

Due to our contracts with the U.S. federal government and the requirement for a security clearance for this role, candidates for this position must be U.S. Citizens.

Clearance Type Required

Candidates must be able to maintain an active Top Secret with SCI eligibility security clearance (must be in-scope and adjudicated).

About the company

New Venture Research Corporation (NVRC) is a leading provider of innovative technology solutions supporting critical defense programs.

Apply for this position