Overview
Skills
Job Details
LTS is seeking an experienced Senior Cybersecurity Engineer to to provide comprehensive security engineering services in support of secure system design, development, testing, and compliance. This role involves embedding security across all phases of the software development lifecycle (SDLC), supporting Risk Management Framework (RMF) efforts, assisting with security documentation for Assessment & Authorization (A&A), and performing technical risk assessments in accordance with Department of Commerce (DOC) and federal requirements. This position is on-site in Washington D.C. and is contingent on award.
LTS provides trusted consulting, and solutions in an increasingly complex and growing world. Our deep expertise in technology and analytics helps us serve a broad constituency of clients that range from cabinet-level departments of the U.S. Government to the largest Federal IT contractors in the world.
LTS is a leading information technology (IT) provider for mission critical systems leveraging the latest technologies to deliver cutting edge solutions from small mobile applications to large, complex enterprise applications. Our professionals specialize in multiple disciplines including program management, system integration, system design, system development, cybersecurity, infrastructure and data analytics.
Responsibilities:
- Ensure security and privacy considerations and requirements are embedded in all relevant phases and aspects of the SDLC lifecycle. The SDLC consists of, but may not be limited to, threat modeling, requirements, design, development, integration, testing (unit, integration, functional, regression, and security), deployment, operations & maintenance (O&M), and configuration management (CM);
- Responsible for the design, development, integration, testing, implementation, deployment and operations & maintenance of tools for the automation of security testing in support of Assessment and Authorization (A&A);
- Provide direct security engineering support to OCIO and program office IT projects to ensure secure, modern, and effective delivery of business goals and objectives;
- Responsible for liaising with the Chief Technology Office (CTO) to incorporate security into the enterprise architectural design;
- Create enterprise benchmarks for technologies utilized within the enterprise by utilizing DOC approved hardening standards (Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG), Center for Internet Security (CIS) Benchmark);
- Create the configuration audit file to scan technologies for compliance with the defined enterprise benchmarks;
- Define and automate security test methodologies for systems to ensure all security controls are properly tested;
- Test methodologies may consist of automated tools and manual test procedures.
- Coordination with all stakeholders is required to ensure the security test methodology is in accordance with tile appropriate policy, standards, guidance, and best security practices.
- Perform design reviews for new technologies and services for DOC customers. New technologies may include, but are not limited to, Cloud technologies, micro-services, micro-segmentation, DevSecOps, Hardware, Operating System, Web technologies, SQL Databases and Big Data/NoSQL databases;
- Provide Security Engineering expertise, on an as needed basis, to support to the Security Control Assessments (SCAs);
- Define, map, tailor, and advise projects/programs on implementation of security controls IAW with NIST 800-53 for systems, as applicable;
- Provide technical support and expertise to the Information System Security Officer (ISSO) in the development of all security documentation in preparation for A&A.
- Provide guidance and recommendations to System Owner (SO), Service Manager, the IT Security Community Manager, and IT Security working groups regarding the Cybersecurity Posture of the IT capabilities;
- Participate as a member of project Teams to ensure IT projects account for security design and assessment requirements and evaluate self-assessment results and evidence to streamline assessment;
- Ensure real time monitoring requirements are implemented during the SDLC to minimize manual assessment efforts;
- Determine the Independent Verification & Validation (IV&V) test level of effort for each planned system or enclave;
- Participate in all test execution and planning activities, including meetings, and working groups;
- Review the RMF documentation prior to IV&V to determine security readiness of system, site, or enclave.
- Collaborate with the ISSO to conduct in-depth analysis of IV7V, A&A, and functional/operations test results for accuracy, compliance, and adherence to DOC and Federal Information Assurance technical and operations security requirements.
- Collaborate with the ISSO to document residual risks by conducting a thorough review of all vulnerabilities, architecture and providing the information assurance risk analysis and mitigation determination results for any required test or risk reports.
- Assist the ISSO with producing the risk assessment artifacts describing residual risks identified during testing or analysis.
Required Skills, Experience & Qualifications:
- Bachelor s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field is required.
- A minimum of 7 years of experience in cybersecurity or a related field.
- Active TS/SCI clearance or TS with SCI eligibility
- Relevant network engineer certification and/or industry standard certifications (i.e., CompTIA Security+, CISSP, CISM, CEH, GSEC, CAP or equivalent) is required.
- Demonstrated experience in system development and engineering, assessment and authorization, maintenance of tools for the automation of security testing in support of Assessment and Authorization (A&A);
- In-depth knowledge of cybersecurity frameworks and standards, such as NIST, FISMA, and ISO 27001.
- Familiarity with risk management frameworks and the ability to develop and implement effective risk mitigation strategies.