Job Title:
Cybersecurity Engineer
Job Location: per contract location or per Rampant Office locations:
Sarasota, FL
I. Company Summary
Rampant employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At Rampant, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. Rampant is an Equal Opportunity Employer.
II. Job Summary
• A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource that is a part of the Rampant team reporting to the Principal Engineer overseeing the CSE team to deliver innovative Cyber Security solutions that are in alignment with the company’s goals.
• The CSE will be tasked to execute against Contract level programs/projects/sub-projects that are within their immediate supervising PE’s contract portfolio and/or to matrixed sister contracts managed by other PEs.
• The CSE position assists the Principal Engineers (PE) on their assigned Contracts with the planning and support and implementation of existing and new contracts plus helps assess opportunities for expansion of existing business and/or help identify net new opportunities.
• Key Measures of successful performance for CSE:
Contract measure – per contract, on-time delivery of assigned tasks that meet the contract scope, standards, and stated deadlines per each contract/project assignment (barring no documented delays or scope constraints imposed outside of the individual contributors span of control).
Functional measure – annually renews key certifications associated with job description and actively engages in at least 1 training program per year that supports the job/mission.
Company measure - consistently demonstrates the company’s Core Values – PRIORITIZING QUALITY & PROFESSIONALISM, INNOVATION AND EVOLUTION, DEMONSTRATING INTEGRITY, WE EXIST TO ASSIST- OPS IS TOPS, AND CONTINUOUS IMPROVEMENT
III. Essential Duties & Responsibilities
• SME on problem identification, diagnosis, and resolution of problems
• Develop best practices for processes and standards that will better the system
• Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements.
• Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.
• Perform hardening of ops systems, COTS and open-source product
• Validate best practices in Penetration testing, Configuration analysis, and Security
• Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing. Generating/maintaining security accreditation artifacts associated with RMF process to include, but not limited to Security Requirements Traceability Matrix, Security Plans, Certification Test Plans, Continuous Monitoring Plans)
• Perform timely updates in accreditation DB
• Provide technical guidance focused on information security architecture.
IV. Key Skills, Education & Experience
• Education: Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline. Without a degree then total of Twelve (12) years of Cybersecurity Engineer experience may be substituted for a bachelor's degree.
• Required Experience and Skills:
• Minimum of eight (8) years’ relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity is required; ideally three (3+) years of direct experience in the same level/grade for like role.
• Techno functional knowledge of/experience in:
Execution of the Assessment & Authorization (A&A process) in accordance with government requirements (e.g. ICD-503)
Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
Integrity, availability, authentication, and non-repudiation concepts
IT security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Network access, identity, and access management (e.g., public key infrastructure (PKI))
Security system design tools, methods, and techniques
Relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure.
TCP/IP networking technologies, Linux account administration, Linux folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and Linux platforms.
Continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques.
Virtualization technologies (e.g. VMWare, Docker)
OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic
DoD/IC system security control requirements
XACTA and SNOW
Security testing and penetration tools that include Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire, etc…
Hands on experience and proficiency with the full Microsoft Office Suite and tools such as Microsoft Project, Microsoft Visio
Self-starter/motivator and having a proactive and strategic mindset are a must
Strong Written & Verbal Communication Skills
• Desired Experience and/or Skills:
• Understanding of Independent Assessor principles and organizational requirements that are relevant to confidentiality.
• Ability to articulate business and technology needs/constraints to both technical and non-technical project team members and end users alike.
• Experience working in a matrixed environment.
• Strong Collaboration & Coalition Building Skills
• Interacts with all levels of the company and its customers/partners with patience, courtesy, diplomacy, and professionalism.
V. Contract/Project Support Responsibilities:
• Assist PE with Customer Relationship & Account Management (relationship building and Issues escalation/remediation)
• If Journeyman Level – assist PE and project leads with Project & Task Execution & Monitoring in support of assigned contracts and programs. If Mid or Senior level may also include project lead tasking.
• Critically evaluate information gathered from multiple sources; reconciling conflicts in information gathered.
• Knowledge exchange with newly assigned team members
• Timely delivery against Tasking – technical work as assigned, contract documentation, quality reviews, etc
• Tasking Status as defined by contract and/or PE - performs written check-ins/status and participates in all contractually obligated status per contract and/or the Principal Engineer’s guidelines (Zoom/Conference Calls and/or onsite as needed if different from normal office location)
• Provides timely feedback to Contract level PE if encountering challenges within a project that will impact delivery and ensure both your direct manager PE and matrixed Contract PE is aware of any schedule outages (time off/training)
• Contract escalation resolution – within the internal contract team and within customer as necessary
• Assist PE and Rampant Leadership with the identification of upsell opportunities within existing contracts as well as identifying new lead generation. And as warranted assist with RFI/RFPs necessary to garner new work.
• When assigned/matrixed to contracts outside of assigned PE supervisor’s portfolio of projects – ensure lines of communication stay open with both the Contract Manager and immediate supervisor/PE.
• Adheres to other performance measures as assigned during contract assignments and annual goals alignment.
• Performs other duties as assigned.
VI. Team Aligned Responsibilities:
• Remaining focused on mission/top priorities as assigned
• Participation in annual self-evaluations
• Adherence to the company’s core values, priorities and mission
• Continued focus and interest in development of skills that benefit the individual contributor and the company’s mission.
• If Mid or Senior Level - Peer Mentoring; assist PE’s with constructive coaching, and mentorship to more junior team members learning new components of their job.
VII. Certifications & Credentials:
• Must have certifications (certifications with * indicate willing to hire if certification is within 3-6 months of finalizing):
• Active TS/SCI w/ Poly clearance required
• Current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment.
• MUST meet DoD 8570 IAT Level III requirements
• IAT Level II Certifications (Security+ or equivalent)
VIII. Language Skills
• All output, communications, materials will be generated in English.
IX. Physical Demands
• Predominantly stationary, office centric work
• Travel