Cybersecurity Engineer

Location: 100% remote

Years’ Experience: 4+ years

Education: Bachelor’s Degree in Cybersecurity or IT related field

Security Clearance: The applicant must possess an active Secret security clearance

Key Skills:

• RMF package and Assessment and Authorization (A&A) experience using eMASS
• Experience with AWS
• Must possess an active CISSP certification or equivalent

Responsibilities:

• Collaborate with customers and internal engineering teams to lead required RMF process/steps to assess and authorize a system obtaining and maintaining a full ATO (Authority to operate).
• Assist the customer with authorizing assessment and authorization (A&A) documentation.
• Support writing and reviewing of Risk Management Framework (RMF) documentation packages to support risk assessments.
• Expected to contribute to Product or Network Information Security Engineering activities pertaining to CDRLs, trade studies, security requirements analysis, secure architecture development, management & compliance with security controls, design review milestones (SRR, SDR, PDR, CDR) and security test/verification activities.
• Perform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies to translate customer Information Security requirements into hardware and software specifications.
• Provide Information Assurance (IA) technical leadership for development teams of new multi-discipline (mechanical, electrical, software, RF, etc.) products.
• Strong understanding of Navy RMF procedures for ATOs, MFRs, and Use Cases.
• Provide technical support including design, deployment and RMF packages.
• Design and execute the security testing plan of all requirements and analysis required to complete a RMF package document for submittal and approval.
• Knowledge of web application security, mobile application security, and DoD RMF processes, procedures, governance.
• Malware detection for Windows and Linux.
• Knowledge of Cybersecurity, Network, Systems, and Software Engineering best practices.
• Experience with DoD eMASS, STIGs, and SRGs.
• Be proficient with vulnerability scanning tools and frameworks to evaluate the security posture of a system.
• Assist the customer in preparing training conferences, exercises, and video teleconferences to meet annual IA training objectives.
• Have technical understanding of cloud technologies (i.e., AWS) and their implementation within the customer’s network environments.

Qualifications:

• Must possess an active Secret security clearance.
• Bachelor degree or higher education required.
• 4+ years of cybersecurity professional experience.
• Experience with requirements analysis, architect, design, and documentation development of cybersecurity and information security solutions.
• Experience leading RMF packages for IATT/ATO activities involving custom on-prem and cloud solutions is a bonus.
• Experience performing vulnerability risk analysis on the deficiencies found during RMF control testing.
• Experience in writing and managing RMF body of evidence documents (i.e., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Management Report (RMR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP).
• Experience with cybersecurity tools and scanners used to evaluate the security posture of the system/enclave (preferred tool experience: tenable.io, Nessus, GitLab, Docker, Palo Alto Prisma Cloud, Fortify, AWS Inspector, BurpSuite, ZAP).
• AWS Cloud security knowledge including architecture, design, deployment, and management of cloud security technologies.
• Experience utilizing vulnerability analysis and assessment tools such as Nessus, ACAS, and/or SCC.
• Experience with content development and administration of SIEM/audit reduction tools such as Splunk.
• Experience supporting account, PKI, and LDAP configuration and management.
• Knowledge of Layer 3 architecture and diagramming within Visio is a bonus.
• Familiarity with Linux administration as well as scripting experience (Python, Bash, Shell, Perl).
• Experience with eMASS, MCCAST, Jira, Agile, Accelerator, and/or Bitbucket is a bonus.
• Familiarity with Model Based System Engineering (UML, SysML, DoDAF) is a bonus.
• Experience as a Navy Qualified Validator (NQV) Level III validator is a bonus.

About Sparibis:

Sparibis LLC is a professional solution firm that Clients rely on to access the best talent to drive their business success. Sparibis is an equal opportunity employer that values diversity at all levels. All individuals, regardless of personal characteristics, are encouraged to apply.