Principal Cyber Security Engineer
Joint Base Anacostia-Bolling (JBAB), DC
Location: JBAB, 70032
Clearance: Active TS/SCI
Employment Type: Direct Hire
Industry: Department of Defense
- Perform security control assessments meeting all FISMA requirements related to cybersecurity technical assessments and design tasks on aeronautical and aerospace-related systems in accordance with RMF guidance publications, to include NIST SP 800-53 Rev. 4, NIST SP 800-53A, NIST SP 800-37 Rev. 1, and CNSSI 1253/1254, as outlined in the DCSA Assessment and Authorization Process Manual (DAAPM) and the Joint SAP Implementation Guide (JSIG). You will interact daily with Air Force program managers and industry subject matter experts across multiple domains (air, space, cyber) to assist the government with technical assessments, strategic planning, and engineering evaluations.
- DoD 8570 IAT Level III (CISSP, CASP, etc.) and CEH
- 14+ years of experience with DoD, USAF, and interagency cybersecurity and/or information assurance
- Current applicable SAP and SCI information assurance requirements (e.g., JSIG, RMF, JAFAN, etc.).
- Testing NIST SP 800-53 security controls.
- Knowledge of reverse engineering best practices and industry standard methodologies.
- Perform and review technical security assessments of computing environments to identify points of vulnerability and non-compliance with established information assurance (IA) standards and regulations, and recommend mitigation strategies.
- Validate and verify system security requirements definitions and analyze and establish system security designs.
- Conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by a system to determine the overall effectiveness of the security controls.
- Reviewing Risk Assessment Reports (RARs) and providing feedback to ISSMs regarding the completeness of the risk assessment and appropriateness of planned safeguards.
- Assessing the severity of any weakness or deficiencies discovered in the system and its environment of operation and recommending corrective actions to address identified vulnerabilities.
- Evaluating threats and vulnerabilities to systems to ascertain the need for additional safeguards.
- Reviewing Plans of Action and Milestones (POA&Ms) to ensure weaknesses are identified, effective / acceptable mitigation strategies are planned, and timelines are acceptable and on track.
- Preparing and submitting the final Security Assessment Report (SAR) containing the results and findings from an assessment and a recommended risk-based authorization decision to the Authorizing Official (AO).
- Assessing proposed changes to systems, their environment of operation, and mission needs that could affect system authorization.