TrustedQA, Inc.
Cybersecurity Engineers (C2BMC)
TrustedQA, Inc., Colorado Springs, Colorado, United States, 80509
TrustedQA is seeking Cybersecurity Engineers in Colorado Springs, CO to support a newly awarded Command and Control, Battle Management, and Communications (C2BMC) program. C2BMC supports a layered missile defense capability that enables an optimized response to threats of all ranges in all phases of flight.
Responsibilities:
Perform assessment of systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP, etc., and active evaluations such as vulnerability assessments utilizing ACAS.
Perform Security Technical Implementation Guide (STIG) assessments and hardening for Windows systems, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS.
Develop test plans reflecting how STIG checks are implemented and be able to show expected outcomes of those checks.
Update Risk Management Framework (RMF) artifact documentation to ensure system hardening non-compliance is tracked and remediated.
Establish strict program control processes to ensure mitigation of risks and support obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits.
Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities.
Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards.
Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization.
Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M).
Periodically conduct a complete review of each program support and operational system's audits and monitor corrective actions until all actions are closed.
Coordinate across the program to address identified deficiencies during RMF assessment activities.
Qualifications:
Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS).
Understanding of Risk Management Framework (RMF) Cybersecurity Lifecycle to include: identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, providing analysis of vulnerability analyses, conducting verification testing for compliance assessment.
Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify).
Active Top Secret clearance.
IAT Level II / IAM Level I DoD 8570 certification (Sec+ CE or similar).
Preferred Skills:
Windows and Red Hat Enterprise Linux (RHEL) system administration skills.
Previous background working in a virtual environment.
Previous background working with Docker and containers.
Administer ACAS and ESS (formerly HBSS).
Previous experience with ConfigOS.
Benefits Overview:
TQA's broad and competitive mix of benefits options is designed to support and protect employees and their families' physical, mental, and financial health. Employment benefits include medical, dental, life and supplemental insurance options as well as a matching 401(k) program, Flexible Spending Accounts (FSA), education reimbursement, mental wellness reimbursements, access to a financial advisor, and up to 31 days of paid leave annually.
Equal Opportunity Employer:
TrustedQA is an equal-opportunity employer and does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or any other non-merit factor.
Offer Considerations:
TrustedQA considers several factors when extending an offer, including but not limited to geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications.
Federal Compliance:
As a federal contractor, TQA is subject to all federal and state mandates and/or other customer requirements.