Cybersecurity Engineer

Overview

Job Title: Cybersecurity Engineer Clearance Required: Active Secret Clearance Work Location: Remote

The Cybersecurity Engineer develops policies and procedures to ensure in the Cybersecurity IT environment information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data. The engineer conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs and promotes awareness of security issues among management and ensuring sound security principles are reflected in organizations' visions and goals.

The engineer conducts systems security evaluations, audits, and reviews and develops systems security contingency plans and disaster recovery procedures for review. Contributes to development and implementation of programs that ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. He or she participates in network and systems design to ensure implementation of appropriate systems security policies, and facilitates the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.

He or she participates in assessment of security events to determine impact and suggesting corrective actions; and/or ensures the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.

• Documenting, updating, and maintaining the current security assessment team processes
• Creating and maintaining charts, graphs, spreadsheets, databases, and other documentation related to the continual improvement of process procedures as well as team and departmental goals that are monitored for continual improvement
• Support the ongoing use of a data collection tool that is flexible in its ability to have the data be manipulated for reporting, and modified to track additional tasks, issues and totals
• Provides technical writing support for various development of policies and procedures in support of risk assessments
• Develops cybersecurity templates for use by cybersecurity personnel throughout the agency to support security authorization, configuration management, remediation management, and other cybersecurity assessment related activities
• Gather, consolidate, and integrate numerous technical and administrative input from technical personnel including engineers, technicians, and cybersecurity personnel
• Supports security reviews of information system documentation to determine security posture of the system as well as the security impacts to interconnected systems or enterprise
• Identifies common and inheritable security control applicability across a variety of platforms and applications
• Assesses and determines risk levels through in-depth vulnerability analysis, elimination of false positives, application of compensating controls, and recommended mitigation strategies
• Verifies scans against hardware/software and server lists to identify and remediate gaps
• Provides detailed documentation including data, analyses, and conclusions upon completion of interviews, tests, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities
• Assists in developing Plans of Action and Milestones (POAMs) for items that are out of compliance; identifies risks and remediation recommendations in collaboration with the system ISSO; validates POA&M remediation actions for closure recommendation
• Manages project expectations to ensure requirements are understood and agreed upon by stakeholders
• Performs research to ensure knowledge proficiency remains aligned to emerging technologies and industry best practices
• Identifies and recommends process improvements relating to the A&A process and/or established guidelines and procedures
• Engages constructively within the team to identify and resolve challenges and exploit opportunities

• Bachelor's degree or higher in an Information Technology or Cybersecurity field; educational requirements may be substituted with IA/IT industry certification with work experience

• 5+ years of experience in Information Assurance, and/or Cybersecurity and/or IT Security
• Experience working alongside an ISSO, ISSM, ISSE, Security Controls Assessor, or similar role preferred
• Strong communication skills (verbal and written) with a keen attention to detail. Candidate must be comfortable discussing status and risks/project impacts with all levels of management and project stakeholders
• Innovative and forward-thinking mindset
• Ability to work independently without a lot of oversight
• Strong Time Management skills
• Experience with RMF workflow tools, such as XACTA or eMASS
• Experience or familiarity with FedRAMP inheritable controls and cloud-based security principles
• Experience with industry tools such as Nessus, Web Inspect, App…