Cybersecurity Engineer; Linux
Listed on 2026-02-28
Categories: IT/Tech; Cybersecurity; Engineering
Overview
Type of Requisition: Regular
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI
Public Trust/Other Required: None
Job Family: Cyber and IT Risk Management
Job Qualifications
Skills: Cybersecurity, Endpoint Security, Linux, Splunk Enterprise Security
Certifications: None
Experience: 8+ years of related experience
US Citizenship Required: Yes
Description: We are seeking a highly skilled and multi-faceted Cyber Engineer for a critical contract role supporting Google's SIPRNet enclave. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating Red Hat Linux, the NIST 800-53 Risk Management Framework (RMF) control requirements, and Security Operations for a classified network in a unique commercial cloud setting. This role requires a blend of technical engineering prowess to provide Security Operations support as well as a deep understanding of continuous monitoring control requirements to prepare for security assessments and auditing.
You will be a key contributor to our SIPR Enclave team, supporting the SIPR Enclave Lead in RMF activities and the Senior Cyber Engineer in security operations support.
From an RMF perspective, as directed by the SIPR Enclave Lead, the Engineer:
- Supports maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring.
- Supports control implementation statement updates, documentation development for plans or procedures, artifact identification for assessments, and body of evidence generation.
- Supports POAM mitigation and/or remediation activities.
From a Security Tools administrative perspective, as directed by the Senior Cyber Engineer, the Engineer:
- Updates and maintains security tool versions (Splunk, Trellix, etc.).
- Configures, patches, and updates the Linux operating systems.
- Monitors the following security applications: Splunk, Trellix, Tenable
  - Scanning implementation (Tenable.sc, SCC Tool)
  - SIEM implementation (Splunk)
  - Endpoint security implementation (Trellix)
- Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g., for Tenable plugins), etc.
For the SIEM:
- Ensures security systems are up to date and implemented.
- Validates that telemetry from the hosts and security applications is forwarded to the SIEM.
- Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories.
- Triages all alerts from the SIEM to ensure activity in the environment is authorized.
- Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan.
For scanning/STIGs:
- Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate.
- Reviews the scans to confirm correct, actionable data is generated to support the patching activities.
- Reviews STIG results and supports the team in implementing corrective action as applicable.
For endpoint management:
- Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied.
- Triages all alerts from the tool to ensure activity in the environment is authorized.
For insider threat monitoring:
- Ensures the deployment of the tool and its related modules is performing as intended.
- Monitors aggregate user data as directed.
- Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.
- Education: BA/BS degree or equivalent experience in lieu of degree
- Experience: 8+ years of related experience
- Ability to use security operations of Splunk and Trellix.
- Ability to update security applications, such as Splunk and Trellix.
- Ability to harden the system using STIGs.
- Ability to update the underlying security tools Linux operating system.
- Role requirements: Knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles.
- Certifications: Must be DoD 8140 / 8570.01-M compliant (e.g., including but not limited to Security+)
- Investigation/Clearance Level: Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility).
Location: Onsite at the classified operations center in McLean, VA.
Preferred Qualifications:
- Hands-on experience with security operations of Teramind.
- Hands-on experience with Tenable.sc.
- 5 days onsite in McLean, VA
The likely salary range for this position is $142,792 - $175,950. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours: 40
Travel Required: 10-25%
Telecommuting Options: Onsite
Work Location: USA VA Mc Lean
Additional Work Locations:
Total Rewards at GDIT:
Our benefits package for all US-based employees…