Cyber Security Engineer
Industry: Dept. of Defense
Location: Charleston, SC (29406) (REMOTE & 35% travel)
Employment Type: Contract to permanent
Clearance: Secret (Active Required)
- BS degree and six (6) years of experience with Cybersecurity / Information Technology, or twelve (12) years of hands-on experience with Cybersecurity / Information Technology
- Experience with DHA Cybersecurity Directorate a plus
- Experience with A&A packages within eMASS a plus
- Capable of providing thought leadership to the SCAR, SCA and other DHA cybersecurity leadership in his/her effort to identify risks, communicate recommended courses of action and recommend process improvements.
- Support and execute DHA RMF Independent Validation & Verification (IV&V) and Validator responsibilities and deliverables defined by the DHA RMF workflow. These include:
  - Review of systems architecture diagrams, hardware/software lists, accreditation boundary documentation, security plans and eMASS records.
  - Develop detailed Security Assessment Plans
  - Support Development of IV&V cost estimates for
  - Execute reviews for and provide feedback to Program Offices within eMASS for Security Plan approvals, Authorization Packages, Risk Assessments and Annual Reviews
- Coordination among various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), SCA, SCAR, Authorization Officials (and representatives), program managers, vendors, etc., necessary to properly plan and coordinate IV&V and testing requirements for program office authorization efforts.
- Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational), and DISA Security Technical Implementation Guides (STIGs).
- Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus/Tanium) necessary to identify and document compliance.
- Knowledge of and ability to use applicable compliance and accreditation reporting environments (e.g., eMASS, CMRS) to validate compliance and accuracy of a program's RMF package.
- Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies.