Senior Cyber Security Engineer
Charlottesville, VA | Perm
Sr. Cyber Security Engineer
- The Senior Cyber Security Engineer will be responsible primarily for the Risk Management Framework (RMF) Assessment and Authorization support for the authorized networks and Cloud platforms managed by AC2SP.
- The Senior Cyber Security Engineer will provide cybersecurity engineering, systems architecture, and Assessment and Authorization (A&A) support to ensure that all customer related missions remain certified and accredited and satisfy all cybersecurity requirements.
- Will actively work to improve the security posture of the organization through the proper implementation and effectiveness of technical security controls and provide summary evidence of this in each monthly summary report
- Will support the full RMF lifecycle for the Army MI C2S baseline on each network domain
- Will create and maintain extensive A&A Body of Evidence (BOE) documentation, to include the enterprise System Security Authorization Agreement, plan of action and milestones, and waiver and exception documentation, while ensuring the technical accuracy of all specified BOEs.
- Will be responsible for implementation of a Continuous Monitoring plan IAW NIST 800-53.
- Will be responsible for implementing security solutions in a multi-tenant Windows and Linux environment on commercial cloud service providers (Amazon Web Services).
- Will provide security control guidance and recommendations, to include those requirements found in NIST 800-53, Director of Central Intelligence Directives (DCID) 6/3, DoD Information Assurance Certification and Accreditation Process, DoD Instruction (DoDI) 8510.01 RMF, 500 Intelligence Community Directives (ICDs) to include applicable overlays, Continuity of Operations Planning, Security Technical Implementation Guide and Assured Compliance Assessment Solution (ACAS) scan results
- Will conduct hands-on evaluations of technical configurations on diverse technologies such as network devices, operating systems, and platforms supporting virtualization, database, web and applications in the environment, and prepare briefings on those technologies to support improving the security posture of the organization.
- Active TS/SCI Security Clearance
- BS degree in Computer Science, Information Technology, Engineering, Physics, or Mathematics.
- MS Degree in Computer Science or 10 years' experience in Information Assurance and Cyber Security related fields.
- CISSP certification
- Five years' experience with IC, DOD, or Army assessment and authorization practices and processes under ICD 503 Risk Management Framework (RMF) and implementing NIST 800-53 security controls for U.S. Government networks and applications
- Three years of demonstrated experience conducting security evaluations for systems and applications; publishing RMF Body of Evidence(s) (BOE), supporting security control assessment validation activities, and successfully achieving Authority to Operate (ATO) for referenced U.S. government systems
- One year of experience creating and implementing a Continuous Monitoring plan IAW NIST 800-53
- One year of experience designing and implementing security solutions in a multi-tenant Windows and Linux environment on commercial cloud service providers (Amazon Web Services or Microsoft Azure).
- Experience with the Risk Management Framework and DIACAP
- Strong written and verbal communications skills
- Experience with RHEL and Windows systems administration
- Ten years professional experience supporting technology delivery to commercial or government clients (via engineering, testing, deployment, operation, or maintenance of IT systems)
- Proven ability to participate in the analysis of IT and business issues, specifically the translation of concepts to technical implementers and non-technical decision-makers clearly and completely with minimal preparation
- Experience with Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS)
- Knowledge of secure IT architecture and computing hardware and software