Senior Cybersecurity Specialist (Cloud-FedRAMP) - Excentium, Inc.

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.

We have an opportunity for a Senior Cybersecurity Specialist (Cloud-FedRAMP) supporting one of our Federal customers in the Reston, VA Area and remote locations

MINIMUM CLEARANCE LEVEL: Secret Eligibility

CITIZENSHIP: US Citizenship

LOCATION:   Reston, VA area and Remote locations

The determines enterprise information assurance and security standards. Develops and implements information assurance/security standards and procedures. Coordinates, develops, and evaluates security programs for an organization. They will provide recommendations for information assurance/security solutions to support the customers’ requirements. Identifies, reports, and resolves security violations. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. The position will be supporting the customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems, requiring specialized security features and procedures. May direct or perform analysis, design, and development of security features for DHA or VA system architectures. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers. Designs, develops, engineers, and implements solutions that meet security requirements Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. May direct or Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Review and ensure compliance with Department of Defense (DoD) policy and requirements. Designs, develops, and implements solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security. Participates in all phases of the systems lifecycle including preliminary and final design, systems development, integration, and testing.

Responsibilities:

• Develop/maintain processes that implement the DoD Security program.
• Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,
• Assist in development of Plan of Action and Milestones (POA&M) and compliance.
• Assist with POA&M management, mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.
• Support Validation of IT security architecture for compliance.
• Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program
• Conduct Incident Response and forensic analysis when necessary
• Assist in management of the assessment/authorization program for  On-prem and cloud systems
• Ensure compliance with DHA RMF policies and procedures
• Maintains the electronic registration of systems in eMASS, DITPR, or other Portfolio as directed
• Coordinates with stakeholders to communicate status and action items for systems in process
• Develop relevant documentation for supported systems
• Updates documentation as system information changes
• Coordinates Annual Reviews
• Supports/Performs assessment of NIST 800-53 controls
• Support/Perform FedRAMP assessments
• Coordinate with Threat Management Branch for Technical Assessment
• Perform Vulnerability scanning and remediation of findings as required by CISM
• Research security standards/tools; review or conduct system security and vulnerability assessments of cloud and on-prem environments in a fast-paced, demanding environment
• Support development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks
• Ensure platform and networks are compliant with DoD policies
• Provide oversight to the cybersecurity team
• Meet requirements to be a member of the FedRAMP team

Required Education:

• BS/BA preferred in Computer Science or 5 additional years of professional experience
• Minimum of DoD 8570.01-M IAT Level III Certification
• Hold at least one of the following active credentials:
  • Cisco Certified Network Professional CCNP / Security
  • CompTIA Advanced Security Practitioner (CASP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
  • SANS GIAC Penetration Tester (GPEN)
  • Open Web Application Security Project Penetration Tester (OWASP)
• Registered with the FedRAMP PMO as a qualified penetration tester

Required Skills:

• Minimum 8 years’ experience with cybersecurity engineering
• 3 years’ experience with cloud engineering
• Experience developing or supporting AWS and Azure systems
• Deep knowledge and experience with FedRAMP or Impact Level assessments
• Experience assessing the security of cloud
• Advanced problem-solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
• Advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interaction
• Understanding DOD STIGs and ability to provide direction based on STIGs
• In-depth experience with Risk Management Framework (RMF)
• Experience/understanding of various control frameworks including NIST 800-171, CMMC, FedRAMP
• Must be Capable of independent management of projects
• Able to work in team environments and independently
• Ability to write procedures and other informative correspondence
• Ability to read, analyze and interpret security regulations
• Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues

We take pride in building a workforce with a strong Veterans focus

Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

Excentium, Inc. is an equal opportunity employer.