Cyber Security Engineer

As the Cyber Security Engineer, the individual will perform tasks related to Assessment & Authorization (A&A) within MDIA to ensure assigned DoD, DoN systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. In this role, the Cyber Security Engineer will conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. Additionally, the individual will serve as an Information Systems Security Officer (ISSO) and review and conduct technical security assessments of computing environments to identify points of vulnerabilities, non-compliance with established cyber security standards and regulations, and recommend mitigation strategies to the team.ResponsibilitiesDevelops RMF documentation to include system security plan artifacts which include hardware/software lists, topology diagrams, PPS, vulnerability management plan, incident response plan, contingency plan, system POA&M, Information Security Continuous Monitoring (ISCM) Strategy, and all other DoD and Navy mandated artifacts that comprise the Security Authorization PackageDevelops, maintains, and monitors the necessary artifacts for A&A package submission to receive ATC, ATT, and ATO authorizationsConduct risk assessments of information systems to identify vulnerabilities, risks, and protection needsHeavy participation in and responsible for RMF step 4 activities and requirements. Must prepare risk assessment documentation and artifacts according to the published Navy SCA requirements. Provides guidance and assistance for Navy RMF step 3 requirementsPerforms weekly ACAS vulnerability scans utilizing DoD/DoN mandated practices and software utilitiesConducts assessments of cybersecurity control compliance in accordance with DoDI 8500.01, DoDI 8510.01, CNSSI 1253, and the Navy RMF Process Guide (RPG)Prepares daily, weekly, and monthly reports detailing task and responsibility status.Develops, reviews, and maintains RMF artifacts for RMF compliance. Updates artifacts as changes to the networks occurMonitors and executes compliance as defined by Navy and DoD policy and guidance.Weekly uploads of vulnerability scans to VRAM toolUpdates and validates policies, processes, and SOPs, in accordance with DoN and DoD policies and regulationsProvides IT Security Incident Response support services and reports all tenant IT incidents ranging from security violations (i.e., information spillage and unauthorized usage) and suspicious activity reportsPerforms RMF system categorization; select controls, tailor security controls, implement controls, and test security controls activitiesAttends and leads meetings, works in collaborative a team environment to provide network security, stability and continuityPerforms other tasks as required by OSC and the Government contracting officeRequired Qualifications/Education and ExperienceHigh School diploma or equivalentMinimum of (seven (7) years of hands-on experience in the IT Security field and must meet or exceed OPNAVINST 5239Must have at minimum (2) years’ experience with Navy RMF or DoD RMF process and procedures; must have completed full DoD or Navy RMF authorization package from start to ATOMust be DoD 8570 certified at the IAT-III/ IAM-III level - CASP, CCNP Security, CISA, CISSP, GCED, GCIH, CCSP, CISM, GSLC, CCISOSubject matter expert level familiarity and knowledge of eMASS as well as experience in the development of Assessment and Authorization plans is requiredIn-depth understanding of computer security, Department of Navy, and DoD cyber security policiesSubject Matter Expert level of knowledge and familiarity with DISA Security Technical Implementation Guides (STIG), Assured Compliance Assessment Solution (ACAS), eMASS, other DoN, and DoD cybersecurity tools is requiredStrong ability to communicate clearly and succinctly in written and oral presentations to government leadershipHave knowledge in network, physical, systems and application security practicesMust be familiar with intrusion detection and prevention measures and practicesMust be familiar with and have experience in tools and applications such as Firewalls, IDS/IPS, HBSS, eMASS, Nessus/ACAS, and SIEMsFamiliarity with Navy, DoD, NIST, and RMF processesExperience running ACAS scans and utilization of Security CenterMust have and maintain a Secret personnel clearance and must be eligible for a TS/SCIPreferred Qualifications/Education and ExperienceBachelor’s degree (preferably in Information Technology, Information Management, or Cyber Security)Certified Information Systems Security Professional (CISSP) certificationNavy SCA requirements to be certified as a Navy Validator

#J-18808-Ljbffr