Sr. Cybersecurity Engineer (ISSO)SummaryTitle:Sr. Cybersecurity Engineer (ISSO)ID:487Department:AllLocation:Bethesda, MDDescriptionExcentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.We have an opportunity for a Sr. Cybersecurity Engineer to support one of our Federal customers.MINIMUM CLEARANCE LEVEL: DOD SecretCITIZENSHIP: US CitizenshipLOCATION: Remote with some on site required in Bethesda, MDThe Sr. Cybersecurity Engineer will analyze and define security requirements for Multi-Layer Security (MLS) issues. Perform risk analyses, which include risk assessment. Activities will include risk assessments, annual reviews, and ATOs. Prepare and maintain a current POA&M that identifies system weaknesses, vulnerabilities and proposed mitigation activities- recommendations, mitigation schedules based on the availability of resources required, points-of contact that are responsible for mitigation activities, and status of the mitigation/remediation activities. Support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for latest programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities. Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with Defense Health Agency (DHA) directives and applicable Risk Management Framework (RMF) requirements. Provide support for a system or enclave's information assurance program through security authorization activities in compliance with RMF. Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Draft documentation needed to announce new cyber security initiatives and participate in building and implementing processes surrounding cyber security.Responsibilities:Develop/maintain processes that implement the DoD Security program.Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,Lead in the development of Plan of Action and Milestones (POA&M) and compliance.Develop ATO package for reaccreditation.Work with DHA ISSM to meet all Cyber standards for DHA systemManage POA&Ms and mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.Support Validation of IT security architecture for compliance.Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program.Conduct Incident Response and forensic analysis when necessaryAssist in management of the assessment/authorization program for Health Information Technology (HIT) information systems.Ensure compliance with DHA RMF policies and procedures.Maintain the electronic registration of systems in Enterprise Mission Assurance Support Service (eMASS), DoD Information Technology (IT) Portfolio Repository (DITPR), or other Portfolio as directed.Update documentation as system information changesCoordinate Annual Security Assessment ReviewsSupport/Perform assessment of NIST 800-53 controlsPerform Vulnerability scanning and remediationRequired Education:BS/BA preferred in Computer Science or related field of study (can be substituted for 5 years professional experience)IAT Level II Certification- Security +, CCNA-SecurityCISSP is a plusRequired Skills:Minimum 5 years’ experience within Cyber Security fieldUnderstanding DOD STIGs and ability to provide direction based on STIGsStrong knowledge of Risk Management Framework (RMF)Must be capable of independent management of projects (Experience in MS Project or similar).Able to work in team environments and independentlyAbility to write procedures and other informative correspondenceAbility to read, analyze and interpret security regulationsGood analytical and problem-solving skills to troubleshoot and resolve network/operating system security issuesKnowledge of eMASSWe take pride in building a workforce with a strong Veterans focusExcentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.Excentium, Inc. is an equal opportunity employer