Location: Washington Navy Yard, Washington D.C.
Pay: $100k-130k per year
US Citizenship and the ability to maintain a DoD security clearance required
This position is for a risk management focused cybersecurity engineer. Review software requirements to identify security and safety critical software functions. Design and test application and system-level insider threat mitigations. Design positive and negative test scenarios to confirm functionality of safety and security critical software mitigations. Perform module and unit testing of cyber security features, including manipulation of data for analysis of security requirements. Support creation and updating of all relevant documentation and specifications for secure design, secure development and security testing, including assisting with cyber security subsystem requirements decomposition.
- Ability to obtain and maintain a Top Secret/SCI security clearance required
- Bachelor’s degree in Computer Science, Cyber Security, Engineering or related technical discipline required with 4 years of cyber security experience with Federal standards and performing Information Assurance Authorization and Accreditation on platform systems
- Candidate must possess advanced cybersecurity management certificate such as CISSP, CISM, GISP, CASP or equivalent certification
- Experience with all phases of the NIST Risk Management Framework (RMF)
- Experience with writing, reviewing and testing software requirements
- Experience evaluating, scoring, and documenting security compliance of RMF controls, DISA CCIs, and STIG vulnerability IDs
- Able to multi-task, self-assign work, and function in a dynamic, fast-paced environment
- Good verbal and written skills
- Proficiency with MS Office Products (Word, Excel, Visio, & PowerPoint)
Primary Duties and Responsibilities:
- Implementing ATO requirements and maintaining the appropriate impact levels of the classified system
- Developing and maintaining Risk Management Framework (RMF) documentation
- Work with network monitoring tools for the purpose of identifying deficiencies with approved software
- Administrative and general cybersecurity support to include preparing presentations.
- Work with program and Cyber Security leadership to develop RMF security artifacts, respond to controls, create/update POA&Ms, attend and participate in status meetings.
- Active participation in providing resolution to Authorization to Operate (ATO), Risk Management Framework (RMF) Process.
- Review, update, or the creation of documents needed to support the closure of findings, execution of associated actions and coordination for submission to the government for review and approval.
- Attend enterprise Information Assurance (IA) related working groups and meetings to identify and execute emerging Information Assurance (IA) policies and/or creation and staffing of new IA policies.
- Review and generate correspondence and response as directed on Cyber Security policies and instructions, DISA Information Assurance Vulnerability Alert (IAVA), and other operation orders.
- Facilitates cyber-security management oversight and technical evaluation to provide effective analysis of cyber security policies and process and ensure timely solutions are provided in accordance with the Risk Management Framework Process lifecycle
- All other duties and tasks as assigned