Solidus is seeking several Cyber Security Engineers to support a global, interconnected, virtualized, hybrid, and IT infrastructure hosting mission systems, applications, services, and data that will serve the U.S. Air Force (USAF) and U.S. Army (USA) We are looking for a broad spectrum of skills and experience for this rapidly growing program.
The infrastructure incorporates the capabilities of commercial cloud and Managed Service Providers (MSP) residing in Cloud Service Providers (CSPs). The program facilitates the USAF and USA's efforts to migrate applications to a cloud environment, allowing the closure of data centers to support the Data Center Optimization Initiative (DCOI) and allowing for increased efficiencies across the entire spectrum of the USAF and USA's IT operations.
- Architects, plans, configures, deploys, maintains, and upgrades COTS/GOTS and custom toolsets to address vulnerabilities and/or implement security controls
- Applies a combination of expert engineering knowledge of enterprise IT and security solutions to design, develop and/or implement solutions to ensure they are consistent with enterprise architecture security policies and support full spectrum military cyberspace operations
- Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
- Includes security control design and solution planning at the system, mission, and enterprise level, security-in-depth/defense-in-depth, and other related IAM/ISSO/ISSE support functions.
- Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- Researches and evaluates cyber capabilities and new security tools and products against operational requirements and introduces them to the enterprise in alignment with IT security strategy, and to support the offensive and defensive capability design and troubleshoot and problem solve technical and non-technical issues.
Specific duties include:
- Assist in assessing the data Impact Level (IL) of migrating applications in accordance with the DoD Cloud Computing Security Requirements Guide (SRG).
- Provide automated application of DoD-hardened STIG for platforms and application configurations
- Work with the government to implement and evolve phased ATO process for the environment using A&A automation and maximize the use of inheritance/reciprocity
- Develop approaches support strong authentication and multi-factor authentication to implement data access authorization based on user identity
- Implement and provide a method of verification of the applicable DISA STIG, SRGs, and best practices
- Provide Tier 3 Cyber Security Service Provider (CSSP) support, as well as interface with and meet requirements of the Tier 2 CSSP support providers
- Ability to provide timely remediation recommendations for audit findings
- Ability to support Code Review Security Vulnerabilities Remediation
- Ability to support the updates to Risk Management Framework Artifacts
- Ability to create a Microsoft Visio based topology diagram template.
- U.S. Citizenship and the ability to obtain a DoD Secret Clearance
- Bachelors and 9+ years
- Masters and 7+ years
- PhD or JD and 4+ years
- In lieu of a degree/ relevant certification an additional 4 years of experience
- Minimum Information Assurance System Architecture and Engineering (IASAE) Level II certified IAW DoD 8570.01M
- Compliant with DoD and USAF training requirements in DoDD 8570.01, DoD 8570.01-M, and AFMAN 17-1303.
- Knowledge of DoD Policies and procedures including DoD 8500.01 and DoD 8510.01.
- Experience with Risk Management Framework (RMF) and updating of security artifacts
- Experience with compliance verification methods including DISA STIG, SRGs, and best practices
- Experience with DevSecOps
- Knowledge of the DoD suite of security tools including ACAS, HBSS, and eMASS.
- Knowledge of cloud environments provided by AWS and Azure
- Working knowledge of Microsoft Office Suite including Microsoft Visio
- Knowledge of DESMF
- CISSP certification preferred
- Experience with Agile, Scrum, SAFe or other modern software development methods/practices
- Experience supporting USAF or USA software development projects
- Experience supporting software migration efforts
Job ID 3638
Applicants selected must meet eligibility requirements for access to classified information. U.S. Citizenship may be required. Solidus is an Equal Opportunity Employer and participates in E-Verify. NOTICE OF AFFIRMATIVE ACTION PLAN FOR INDIVIDUALS WITH DISABILITIES, DISABLED VETERANS AND OTHER PROTECTED VETERANS. It is the policy of this Company to seek and employ qualified individuals at all locations and facilities, and to provide equal employment opportunities for all applicants and employees in recruiting, hiring, placement, training, compensation, insurance, benefits, promotion, transfer, and termination. To achieve this, we are dedicated to taking affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, and other protected veterans. The objective in adopting the Affirmative Action Programs is to place qualified individuals with disabilities, disabled veterans and other protected veterans in all job classifications. These Affirmative Action Programs are available for inspection by any applicant or employee by contacting the Company's EEO Coordinator, in the Human Resources office, Monday through Friday, 8am to 5pm