Senior Cyber Security Engineer - Maximus Services, LLC

Maximus is searching for a Senior Cyber Security Engineer to join a DoD program in Arlington, VA.

This position is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by a SAP information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).

Responsibilities include, but are not limited to:

• Collaborating with key stakeholders to ensure security engineering initiatives are aligned with the operational needs within the SAP IT
• Developing specifications to ensure risk, compliance, and assurance efforts conform with confidentiality, integrity, and availability requirements at the software application, system, and network environment level
• Drafting statements of preliminary or residual security risks for system operation
• Maintaining information systems assessment and authorization (A&A) documents
• Monitoring and evaluating a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• Performing security reviews and identifying security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
• Performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
• Planning and conducting security authorization reviews and assurance case development for initial installation of systems and networks
• Verifying that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Experience in one or more cloud computing services and technologies including but not limited to: AWS
• Providing oversight to the SAP Community on the latest vulnerabilities and identify remediation efforts
• Developing and implementing new security mechanisms for the SAP Ecosystem
• Identifying and selecting best-in-class threat prevent tools and software for the SAP Ecosystem
• Executing special projects as required
• Interacting with technical leads, developers, and system owners to ensure that all technical requirements are aligned with SAP guidance
• Ability to travel 20-30% of the time to local and CONUS sites

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS041, T5, Band 8

Required Skills & Qualifications:

• Due to contract requirements, candidates must possess an active TS/SCI clearance.

• A Bachelor's degree is required for this position. 4 years of relevant work experience may be considered in lieu of the degree requirement.

• 10+ years of experience implementing the Risk Management Framework (RMF)

• Minimum seven (7) years of demonstrable DoD security experience in the following:

- Understanding of DISA STIGs and Benchmarks

- Understanding of tools, e.g., SCAP, ACAS, Vulnerator, HBSS, eMASS

- Must have analytical skills to evaluate risk, gather data, conduct security audits, and assess information to make critical decisions affecting network security

- Knowledge of coding languages, intrusion detection, operating systems, security planning and auditing, ethical hacking and other security, programming, and diagnostic tools

• DoD 8140 Level 2 (or higher) certification is required and may equate to two (2) years of experience (CISSP, CCNA, CySA+, GISCP, Sec+CE, CND, SSCP etc....)

Desired Skills:

• Cloud certification is a plus

Minimum Requirements

TCS041, T5, Band 8

EEO Statement

Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce. We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country. We're proud of our connections to organizations dedicated to serving veterans and their families. If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you. A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer. Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.

Pay Transparency

Maximus compensation is based on various factors including but not limited to job location, a candidate's education, training, experience, expected quality and quantity of work, required travel (if any), external market and internal value analysis including seniority and merit systems, as well as internal pay alignment. Annual salary is just one component of Maximus's total compensation package. Other rewards may include short- and long-term incentives as well as program-specific awards. Additionally, Maximus provides a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement savings plan, paid holidays and paid time off. Compensation ranges may differ based on contract value but will be commensurate with job duties and relevant work experience. An applicant's salary history will not be used in determining compensation. Maximus will comply with regulatory minimum wage rates and exempt salary thresholds in all instances.