Cyber Security Engineer

As the Cyber Security Engineer, the individual will perform tasks related to Assessment & Authorization (A&A) within MDIA to ensure assigned DoD, DoN systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. In this role, the Cyber Security Engineer will conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Additionally, the individual will serve as an Information Systems Security Officer (ISSO) and review and conduct technical security assessments of computing environments to identify points of vulnerabilities, non-compliance with established cyber security standards and regulations, and recommend mitigation strategies to the team.

Responsibilities

• Develops RMF documentation to include system security plan artifacts which include hardware/software lists, topology diagrams, PPS, vulnerability management plan, incident response plan, contingency plan, system POA&M, Information Security Continuous Monitoring (ISCM) Strategy, and all other DoD and Navy mandated artifacts that comprise the Security Authorization Package.
• Develops, maintains, and monitors the necessary artifacts for A&A package submission to receive ATC, ATT, and ATO authorizations.
• Conduct risk assessments of information systems to identify vulnerabilities, risks, and protection needs.
• Heavy participation in and responsible for RMF step 4 activities and requirements. Must prepare risk assessment documentation and artifacts according to the published Navy SCA requirements. Provides guidance and assistance for Navy RMF step 3 requirements.
• Performs weekly ACAS vulnerability scans utilizing DoD/DoN mandated practices and software utilities.
• Conducts assessments of cybersecurity control compliance in accordance with DoDI 8500.01, DoDI 8510.01, CNSSI 1253, and the Navy RMF Process Guide (RPG).
• Prepares daily, weekly, and monthly reports detailing task and responsibility status.
• Develops, reviews, and maintains RMF artifacts for RMF compliance. Updates artifacts as changes to the networks occur.
• Monitors and executes compliance as defined by Navy and DoD policy and guidance.
• Weekly uploads of vulnerability scans to VRAM tool.
• Updates and validates policies, processes, and SOPs, in accordance with DoN and DoD policies and regulations.
• Provides IT Security Incident Response support services and reports all tenant IT incidents ranging from security violations (i.e., information spillage and unauthorized usage) and suspicious activity reports.
• Performs RMF system categorization; selects controls, tailors security controls, implements controls, and tests security controls activities.
• Attends and leads meetings, works in a collaborative team environment to provide network security, stability and continuity.
• Performs other tasks as required by OSC and the Government contracting office.

Required Qualifications/Education and Experience

• High School diploma or equivalent.
• Minimum of seven (7) years of hands-on experience in the IT Security field and must meet or exceed OPNAVINST 5239.
• Must have at minimum two (2) years’ experience with Navy RMF or DoD RMF process and procedures; must have completed full DoD or Navy RMF authorization package from start to ATO.
• Must be DoD 8570 certified at the IAT-III/ IAM-III level - CASP, CCNP Security, CISA, CISSP, GCED, GCIH, CCSP, CISM, GSLC, CCISO.
• Subject matter expert level familiarity and knowledge of eMASS as well as experience in the development of Assessment and Authorization plans is required.
• In-depth understanding of computer security, Department of Navy, and DoD cyber security policies.
• Subject Matter Expert level of knowledge and familiarity with DISA Security Technical Implementation Guides (STIG), Assured Compliance Assessment Solution (ACAS), eMASS, other DoN, and DoD cybersecurity tools is required.
• Strong ability to communicate clearly and succinctly in written and oral presentations to government leadership.
• Have knowledge in network, physical, systems and application security practices.
• Must be familiar with intrusion detection and prevention measures and practices.
• Must be familiar with and have experience in tools and applications such as Firewalls, IDS/IPS, HBSS, eMASS, Nessus/ACAS, and SIEMs.
• Familiarity with Navy, DoD, NIST, and RMF processes.
• Experience running ACAS scans and utilization of Security Center.
• Must have and maintain a Secret personnel clearance and must be eligible for a TS/SCI.

Preferred Qualifications/Education and Experience

• Bachelor’s degree (preferably in Information Technology, Information Management, or Cyber Security).
• Certified Information Systems Security Professional (CISSP) certification.
• Navy SCA requirements to be certified as a Navy Validator.