Zero Trust Cyber Security Engineer - Millennium Corporation

Overview:

For two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.

What We Believe:

We believe that diversity is a fact, inclusion is a choice.  At Millennium Corporation, we are inclusive. We celebrate multiple approaches and different points of view. We strongly believe that diversity drives innovation, and we are building a culture where differences are valued. We are always growing our programs and we offer tools to help our employees grow and manage their careers.

 

Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Millennium promotes affirmative action for women, minorities, disabled persons, LGBTQ+ and veterans.

Responsibilities:

Millennium Corporation is hiring a Zero Trust Cyber Security Engineer to work remotely from Orlando, FL or Charleston, SC, New Orleans, LA, or the DC Metro Area. The candidate must have an active secret clearance.

 

The Zero Trust Cyber Security Engineer will:

• Perform penetration tests and vulnerability assessments using the approved DoD vulnerability scanner, Defense Information systems Agency (DISA) Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs) and other DoD/DoN software assurance security tools.  
• Implement operating systems and network devices security configuration in accordance with DISA approved security technical implementation guides and Security Requirement Guides.
• Perform Cybersecurity assessment procedures, security audits and risk analysis.
• Develop and update Program Protection Plans, Cybersecurity Strategies, and other security related acquisition documentation in support of programs.
• Ensure that security related provisions of the system acquisition documents meet all identified security needs.
• Develop mitigation strategies for DoD information systems.
• Prepare RMF artifacts and Memoranda of Agreement (MoA) with system owners for interface and networking implementations.
• Develop Cybersecurity related acquisition documents.  
• Identify Common Criteria and National Information Assurance Partnership (NIAP) certified technologies.
• Evaluate Program Cybersecurity products in use by programs to validate compliance with DoD/DoN requirements.
• Participate in FLTCYBERCOM Designated Accrediting Authority collaboration calls.

• Provide critical, expert security engineering support, analysis, and guidance in relation to Zero Trust (ZT) on DoN Business Systems.

• Provide initial baseline assessments of all programs under PMW 240 (these will be conducted against the DoD mandated 91 target level activities), and identify gaps in each of the program, then identify a way forward for each of the programs to be in alignment with DoD/DoN Zero Trust policies.

• Work with PMW 240 programs to demonstrate alignment through metric reporting and identification of investments in ZT capabilities necessary and plans to achieve target level based on resourcing and program implementation plans NLT FY 27.

• Assist with development and/or incorporation of security requirements, standards, and/or specifications into RMF artifacts and eMASS packages of all PMW 240 systems as required by the DoN Zero Trust Implementation Guide.

Qualifications:

• Candidate must have an active secret clearance.
• Bachelor's degree and 8 years of engineering, computer science, or information technology experience including at least three (3) to six (6) years of Cybersecurity experience or HS Diploma and 13 yrs of experience.
• Experience in DoD Risk Management Framework (RMF) DoDI 8510.01. Possess DoD approved Baseline Certification as Information Assurance Manager, Level II in accordance with DoD 8570.01-M (i.e., CISSP, GLSC or CISM). Level I Familiarity Fundamental awareness and RMF familiarity gained through formal training in the development of one or more Security Authorization Package or past experience with DoD Assessment & Authorization (A&A).
• Zero trust and DevSecOps proficiency. 

Business Development:Physical Requirements:

• Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 10-15 pounds at a time.

Travel Requirements:

>10%