
Cybersecurity Engineer

Netizen Corporation
Full-time
On-site
Herndon, Virginia, United States




Information Systems Security Engineer / Cybersecurity Engineer

Netizen Corporation is actively hiring a mid-level cybersecurity professional to work as an Information Systems Security Engineer / Cybersecurity Engineer on our long-term contract with the Navy in Suitland, MD. Successful candidates will possess an understanding of risk management and will be able to apply broad knowledge of cybersecurity engineering, systems engineering, networking, database, software, regulations, policy, and encryption to highly complex training systems. The ISSEs / CEs will work as members of a top-notch team of engineers, working directly with government civilians, military leadership, and other contractors in trusted roles. This role supports the Navintel Cloud Environment (NCE) within the Office of Naval Intelligence (ONI). The role will require some on-site work with partial telework (up to ~25%) as approved by the Project Manager. The ideal candidate has significant security engineering experience in an operational environment and is comfortable with prioritization of complex tasks and executing with a minimum of direction. On-site location is Suitland, Maryland.

Primary Responsibilities:

  • Act as an extension of the government cybersecurity workforce, embedded within a Program Management organization responsible for the successful acquisition, implementation, testing, accreditation and support of complex Cloud environments and service offerings.
  • Review requirements, identify cybersecurity-related challenges to their implementation, and recommend risk reduction or mitigation to ensure high fidelity in operational cloud environments for the Office of Naval Intelligence.
  • Manage the Risk Management Framework process from cradle to grave utilizing Enterprise Mission Assurance Support Service (eMASS) for restricted networks operating as a Cloud Broker at both the NIPR and SIPR level and XACTA 360 at the JWICS Level in an increasingly complex cloud agnostic environment.
  • Utilize eMASS and XACTA to meet RMF requirements, such as triannual ATO efforts, annual FISMA requirements, monthly and quarterly POA&M workflows, etc., with the ability to translate traditional concepts and explain how they apply to emerging cloud technology.
  • Conduct Federal Information Security Modernization Act (FISMA) and Assessment and Authorization (A&A) audits, and support Command Cyber Readiness Inspection (CCRI) efforts.
  • Work closely with the ONI cybersecurity department to conduct RMF efforts, as well as interact with third party SCA-V (validators) assessing IT systems.
  • Apply functional knowledge of DoDI 8510.01, CNSSI 1253, DoD Instruction 8500.01, NIST 800-53 rev4, AR 25-2, other NIST Publications, and associated controls.
  • Utilize cybersecurity tools, such as Vulnerator, eMASSter, Evaluate STIG, and STIG Viewer, as well as other DoD/ONI tools and techniques, to build eMASS and XACTA packages, implementation plans, security plans, cloud service offerings with responsibility matrixes, and other RMF artifacts for inclusion in the overall RMF workflow, such as cloud Inheritance packages and Common Control offerings.
  • Perform all steps of the Risk Management Framework (RMF) process, from categorization through control selection, implementation and analysis, authorization, and continuous monitoring, and assist in tenant onboarding and modernization of systems to NCE.
  • Perform all aspects of Systems Development Life Cycle, including contract review and development (SLA, MOU, etc.), DevSecOps, change request, technical refresh, and testing and validation.
  • Communicate complex technical and programmatic information both verbally and in writing (technical reports and briefings).
  • Interface with other contractor organizations to effectively identify vulnerabilities/risks to cloud systems, recommend mitigation or acceptance of those risks, and apply best practices to help the government team make risk-based decisions on treatment of vulnerabilities/risks.
  • Utilize knowledge of server and database operating systems (Windows Server, Windows 10, Linux, Kubernetes, Docker, SQL, etc.), network and security devices (switches, routers, firewalls, IDS/IPS such as HBSS, VPNs), and cloud technologies (AWS highly preferred) to assess Change Control Board (CCB) proposals for cybersecurity impact and make recommendations on adoption.
  • Maintain and apply current knowledge of Cloud offerings such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) and various vendor neutral services.
  • Maintain and apply current knowledge of emerging cybersecurity threats and trends.

Experience / Skills:

  • At least 3 years of DoD cybersecurity experience.
  • At least 3 years of experience conducting NIST RMF assessments and security engineering support.
  • At least 1 year of functional cloud experience (AWS highly preferred).
  • Functional knowledge of DoDI 8510.01, CNSSI 1253, NIST 800-53 rev4, and associated controls.
  • Familiarity with systems engineering, systems development lifecycles, networking, systems administration, and Security Operations Center (SOC) practices and technologies.

Minimum Education Requirements:

  • An undergraduate degree in Cybersecurity, Systems Engineering, Computer Engineering, Computer Science, or related engineering-focused discipline is highly preferred.

Certification Requirements:

  • Certified Information Systems Security Professional (CISSP) or equivalent is required.

Security Clearance:

  • Must possess an Active DoD Top Secret security clearance.