Cyber Security Engineer at TEKsystems
Quantico, VA 22134
About the Job
Description:
The Cyber Security Engineer will be responsible for tasks related to Assessment & Authorization (A&A) to ensure assigned DoD, DoN systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. In this role, the Cyber Security Engineer will participate in risk assessments of information systems to identify vulnerabilities, risks, and cyber protection needs. Develop RMF documentation to include system security plan artifacts which include hardware/software lists, topology diagrams, PPS, vulnerability management plan, incident response plan, contingency plan, system POA&M, Information Security Continuous Monitoring (ISCM) Strategy, and all other DoD and Navy mandated artifacts that comprise the Security Authorization Package. Additionally, the individual will serve as an Information Systems Security Officer (ISSO) and review and conduct technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cyber security standards and regulations, and recommend mitigation strategies to the team.
Responsibilities
-Develops RMF accreditation artifact documentation to include hardware/software lists, topology diagrams, PPS, vulnerability management plan, incident response plan, system POA&M, Information Security Continuous Monitoring (ISCM) Strategy, and all other Navy mandated artifacts that comprise the Security Authorization Package.
-Performs weekly CND vulnerability scans utilizing DoD/DoN mandated practices and software utilities.
-Conducts assessments of cybersecurity control compliance in accordance with DoDI 8500.01, DoDI 8510.01, CNSSI 1253 and NIST 800-53
-Prepare daily, weekly, and monthly reports detailing task and responsibility status
-Supports Cybersecurity Test & Evaluation (CT&E) activities of system security engineering and program protection activities.
-Monitors and executes compliance vulnerability scanning and uploads to the Navy VRAM database.
-Updates and validates policies, processes, and SOPs, in accordance with DoN and DoD policies and regulations
-Provides IT Security Incident Response support services and report all tenant IT incidents ranging from security violations (i.e., information spillage and unauthorized usage) and suspicious activity reports
-Performs system categorization; select, tailor security controls, implement, and test security controls
-Attends and leads meetings, works in collaborative a team environment to provide network stability and continuity
-Performs other tasks as required by OSC and the Government contracting office.
Required Qualifications/Education and Experience
-Must have and maintain a Secret personnel clearance and must be eligible for a TS/SCI
-High School diploma or equivalent
-Must be DoD 8570 certified at the IAT-III/ IAM-III level (CISM, CISSP, CCISO, CISA)
-Minimum of seven (7) years of hands-on experience in the IT/Engineering field
-Must have at minimum (2) years’ experience with DoN, DoD RMF process; must have completed full Navy or DoD RMF accreditation package from start to ATO issuance
-Must have expert level knowledge of eMASS and experience in the development of Assessment and Authorization plans
-In depth understanding of computer security, Department of Navy, and DoD cyber security policies
-Prior experience with DISA Security Technical Implementation Guides (STIG), Assured Compliance Assessment Solution (ACAS), VRAM, and other DoN, and DoD cybersecurity tools
-Strong ability to communicate clearly and succinctly in written and oral presentations
-Prior experience with computer networking and telecommunication architecture, the OSI model, and communications protocols and in collaborating with multiple technical teams to drive solutions that are requirement driven
-Have knowledge in network, physical, systems and application security practices
-Must be familiar with intrusion detection and prevention measures and practices
-Must be familiar with and have experience in tools and applications such as Firewalls, IDS/IPS, , ACAS, Nessus, and SIEMs
-Familiarity with DoD, NIST, RMF and FedRAMP processes
-Excellent written and verbal communication skills
-Knowledge of ACAS to create and execute scan jobs, reports, and able to troubleshoot non-compliant scans.
-Knowledge of multiple architectures: Cisco, Linux, Windows, and VMWare
Preferred Qualifications
-Bachelor’s degree (preferably in Information Technology, Information Management, or Cyber Security)
-Certified Information Systems Security Professional (CISSP) certification
-Meet or exceed OPNAVINST 5239 requirements to be certified as Intermediate Qualified Level Navy Validator
Skills:
secret clearance, Rmf, Information assurance, Emass, Cyber security, Nist, Security clearance, Active secret clearance, Vulnerability, Dod, C&a, Siem, poam, secret security clearance, Incident response, STIG, security policy, A&A, ACAS, POA&M, cissp, Navy, DoN, Department of the Navy, Fedramp, cism, cisa, CCISO, top secret, top secret clearance
Top Skills Details:
secret clearance,Rmf,Information assurance,Emass,Cyber security,Nist,Security clearance,Active secret clearance,Vulnerability,Dod,C&a,Siem,poam,secret security clearance,Incident response,STIG,security policy,A&A,ACAS,POA&M,cissp,Navy,DoN,Department of t
Additional Skills & Qualifications:
SCREENING QUESTIONS
1) Can you describe your experience with Risk Management Framework (RMF)? Have you been involved in all 7 steps of the RMF process? If so, could you provide examples?
2) Which RMF artifacts have you worked on and what was your role in their development or maintenance?
3) Can you describe a situation where you used eMASS to develop and submit an A&A package?
4) How have you applied STIG and NIST guidelines in your previous roles?
5) Can you also describe your experience with ACAS for vulnerability scans and familiarity with FedRAMP processes?
6) Could you share your experience in developing and managing a POA&M?
7) Can you describe your experience as a Navy Validator? Specifically, could you provide examples of how you conducted independent assessments of security controls, supported the review and endorsement of Navy sponsored Certification and Accreditation packages, and helped maintain the security standards of the Department of the Navy?
Experience Level:
Expert Level
o Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
§ Medical, dental & vision
§ Critical Illness, Accident, and Hospital
§ 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
§ Life Insurance (Voluntary Life & AD&D for the employee and dependents)
§ Short and long-term disability
§ Health Spending Account (HSA)
§ Transportation benefits
§ Employee Assistance Program
§ Time Off/Leave (PTO, Vacation or Sick Leave)
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.