Cybersecurity Engineer II

CTE, c&a, Risk Management, DOD, IT security, information security, cybersecurity engineer, cyber security engineer, test
Full Time
Depends on Experience
Work from home not available Travel required to 10%.

Job Description

Position:       Cybersecurity Engineer II (Journeyman)
Clearance:      TS/SCI
Location:        Aberdeen Proving Ground, Maryland
Type:              Exempt, Full Time, Regular

The Cybersecurity Engineer II (Journeyman) will have experience in (1) executing the full complement of Information Security engineering activities from requirements definition, to architecture, design, implementation, and test, through deployment and operations and support; (2) implementing Department of Defense (DoD) cybersecurity processes through the appropriate application of laws, policies, directives, and guidance; and (3) preparing recommendations with sufficient rationale to advise executive leader decisions across the full gamut of software development from requirements design and management through system level testing to assessment and authorization. The individual must be able to (a) define information security requirements; (b) develop information security documentation; and (c) contribute to all program life cycle information security activities, to include requirements, architecture, design, development, implementation, and test of system solutions in order to obtain Authority To Operate (ATO) certificates. Specifically, the individual will provide Cybersecurity Systems Engineering Support, Cybersecurity Network Domain Certification and Accreditation (C&A) Support, and Cross Domain Solution (CDS) Assessment and Authorization (A&A) Support. The Cybersecurity Engineer II (Journeyman) will perform tasks in coordination with government personnel to provide the cybersecurity support services and solutions necessary to analyze, assess, integrate, enhance, improve, modernize, implement, test, sustain, and maintain the system cybersecurity posture and capabilities.

Essential Duties and Responsibilities: (Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position)
• Provide cybersecurity network domain C&A support and execute activities that include network domain operations requirements for the following networks: Joint Worldwide Intelligence Communications System (JWICS), Secret Internet Protocol Router Network (SIPRNET), National Security Agency Network (NSANET), Non-Secure Internet Protocol Router Network (NIPRNET), and other special or specific Coalition networks
• Perform the necessary efforts to analyze, assess, evaluate, integrate, improve, implement, test, sustain, and maintain the system cybersecurity posture and capabilities required by the network domain operations compliance requirements
• Develop and prepare the required security control documents or artifacts, and conduct security control assessments, and security test and evaluation required by the respective network authorities and C&A processes such as the Risk Management Framework (RMF)
• Perform all necessary cyber domain activities to ensure the system baselines follow the respective network domain mandated standards, and authorization to connect requirements• Develop and document security design artifacts and the associated security controls that are meeting the security acceptance criteria and package the accreditation and authorization documents in support of each domain C&A process
• Prepare and document the risk mitigations, and maintain and update the Plan of Action and Milestones (POA&M) as required by the network domain Authorizing Official (AO)
• Perform technical vulnerability scanning and secure configuration assessments, penetration testing and analyze the scan results, recommend the plans of action, and update the POA&M accordingly
• Support A&A or other RMF and cybersecurity Compliance and Auditing processes and inspections for all enterprise systems and networks; ensure validity and accuracy review of all associated documentation
• Perform compliance reviews of computer security plans
• Perform risk assessments
• Validate and perform security test evaluations and audits
• Analyze and define security requirements for information protection for enterprise systems and networks
• Assist in the development of security policies
• Analyze the sensitivity of information and performs vulnerability and risk assessments based on defined sensitivity and information flow
• Assess security risk, research and recommend countermeasures in accordance with Army and DoD requirements, conduct formal security engineering assessments and security assessments
• Be an integral member of a team of cybersecurity validators to ensure that systems are compliant with NIST Special Publication 800-53 cybersecurity controls
• Support on-site accreditation testing for networks at CONUS and OCONUS locations

Non-Essential Duties:
• Other duties as assigned
Supervisory Responsibilities:
• This position does not have formal supervisory responsibilities; however, it will require mentoring of junior staff.
Minimum Qualifications: (To perform this job successfully, an individual must be able to perform each essential duty satisfactorily)
• Minimum of 5 years of working experience directly related to DoD cybersecurity Certification and Accreditation (C&A) or cybersecurity engineering activities
• Demonstrated experience, and familiarity with DoD and Army Cybersecurity Polices and Regulations, and Certification and Accreditation (C&A) process to include the provisions of ICD 503, and the planning and execution of Security Test and Evaluation (STE) and Cybersecurity Test and Evaluation (CTE) events
• Minimum CISSP, CISM, or equivalent certifications
• IAM-II Certified
• Minimum of 5 years of experience and BA/BS degree

Knowledge, Skills and Abilities:
• Broad knowledge and understanding of DoD and Army Cybersecurity policies, tools, and techniques
• Understanding of the Risk Management Framework (RMF) process
• Deep understanding of Enterprise Mission Assurance Support Service (eMASS) and/or XACTA
• Experience in developing products and performing essential activities to obtain ATO certificates
• Ability to validate risk assessments and develop Plans of Actions and Milestones (POA&M) to assist the PM and ISOs in the mitigation of cybersecurity weaknesses, providing solutions and mitigation actions for each assessed item
• Ability to review and monitor IS and networks A&A status, to include success or failures to obtain Authority to Operate (ATO) or Interim Authority to Test (IATT), as appropriate
• Strong communications skills (both written and oral)
• Strong customer service and excellent interpersonal skills
• Ability to listen and understand task descriptions and requests
• Ability to explain problem resolutions
• Ability to quickly comprehend the functions and capabilities of new technologies
• Ability to effectively adapt to rapidly changing technology and apply it to business needs
• Ability to quickly respond to time-critical queries from leadership
• Ability to work independently without direct supervision or guidance
• Ability to occasionally work after hours and/or on-call support
• Ability to meet minimum security clearance requirements
• Shows respect and sensitivity for cultural differences
• Educates others on the value of diversity
• Promotes a harassment-free environment
• Treats people with respect
• Keeps commitments
• Inspires the trust of others
• Works ethically with integrity
• Upholds organizational values

Dice Id : 9094140SC
Position Id : 5864042
Have a Job? Post it