Cyber Security Engineer, Mid/Senior
Role details
Job location
Tech stack
Job description
The Cyber Security Engineer, Mid/Senior is responsible for ensuring software applications, systems, and networks comply with Department of Defense cybersecurity and risk management requirements. This role conducts security assessments, vulnerability analysis, compliance audits, and continuous monitoring to evaluate and strengthen system security.
Responsibilities
Utilizing best practices and methods for monitoring, auditing, and measuring risk, compliance, and assurance efforts.
Ensuring risk, compliance, and assurance efforts conform to Department of War (DoW) security, resilience, and dependability requirements at the software application, system, and network levels.
Documenting preliminary or residual security risks for system operation.
Verifying that the software application/network/system authorization and assurance documentation is current.
Monitoring and evaluating a system's compliance with DoW security, resilience, and dependability requirements including performing validation steps, comparing actual results with expected results and analyzing the differences to identify impact and risks.
Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against applicable NIST controls.
Recommending new or revised security measures and countermeasures based on risk analysis then verifying that security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
Responsible for the operation of DOW tools, security monitoring and auditing solution utilizing a COTS product i.e. (Elastic Endpoint Security Solutions (ESS), etc.) and industry wide best practices.
Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in the security plan.
Conduct annual inspections to validate system updates, configuration compliance utilizing technical scans, and physical observations at domestic and foreign sites (~10% travel).
Data collection, documentation and reporting on all the above responsibilities as required. Perform other duties as assigned to realize mission success.
Support Stakeholders in the operation of the comprehensive Elastic platform in terms of know-how and the technologies used.
Performs other duties as assigned., Employees in these positions will function in a general office/cubicle setting environment, and laboratory/testing setting using standard office equipment and various electronic testing equipment, including a computer, telephone, printers, video equipment, computer software, and testing equipment. Will interact in a general office setting environment with various personnel; participate in meetings and contribute to team success; deliver timely results and produce reports; receive and communicate information; may include telework. May function in a specialized laboratory/testing environment using electronic testing equipment, computer software, and complex systems. May move and test equipment of various weights. Laboratory environment may require use of protective equipment (PPE) including but not limited to safety glasses and protective hearing and footwear. May be expected to work varying shifts and hours to ensure successful operation of activities in the organization due to business demands; travel occasionally for assigned work.
Requirements
Bachelor's degree in Computer Science or a related field, or equivalent experience (experience may be substituted for a degree).
Mid and Senior-Level candidates considered (5-20 years).
5+ years of cybersecurity experience, preferably supporting Department of Defense (DoD) environments.
5+ years of experience administering and securing Red Hat Enterprise Linux (RHEL) operating systems.
5+ years of experience with DoD cybersecurity tools and processes, including eMASS, STIGs, IAVAs, ACAS/Nessus, SCAP, and RMF documentation.
5+ years of experience conducting vulnerability assessments, system audits, POA&M management, and RMF package development.
5+ years of experience working with cybersecurity frameworks and standards such as NIST and NISPOM.
Minimum Qualifications
Meet DoD 8570 Information Assurance Technical (IAT) Level III or Information Assurance Management (IAM) Level III certification requirements upon employment (e.g., CISSP or CISM).
Experience with Red Hat Enterprise Linux (RHEL) operating systems.
Working knowledge of DoD security policies and procedures.
Understanding of Enterprise Mission Assurance Support Service (eMASS), Security Technical Implementation Guides (STIGs), IAVAs, Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Evaluate-STIG Validation Tool.
Knowledge of ACAS, Nessus, Elastic, SCAP, POA&Ms, NIST, NISPOM, system audits, vulnerability scanning, and RMF package development.
Strong oral and written communication skills.
Ability to work independently while collaborating effectively within a team environment.
U.S. Citizenship with Active Secret Security clearance and ability to maintain the designated security clearance level is required.
Desired Skills / Preferred Qualifications
Linux certification (Linux+, LPIC, RHCSA, or RHCE).
Previous experience supporting the Missile Defense Agency (MDA), its elements/components, or similar system-of-systems environments.
Experience working in DoD mission assurance or enterprise cybersecurity environments.
Desired Skill Sets/Preferred Qualifications:
Linux certification such as Linux+, LPIC, RHCSA, or RHCE.
Previous experience supporting the Missile Defense Agency (MDA), its elements/components, or comparable system-of-systems environments.
Experience in DoD mission assurance or enterprise cybersecurity operations.
Benefits & conditions
SimTech offers a market leading compensation package with excellent benefits, work/life balance, outstanding retirement plan, career advancement and much more.