Zivaro
Cybersecurity Engineer
Zivaro, Colorado Springs, Colorado, United States, 80509
Empower your career with Zivaro, where passion meets innovation and inclusion! Embrace the future of IT while being a part of Zivaro's pioneering tech community.
Zivaro isn't just about technology-it's about people. We thrive on the energy, talent, and dedication of our workforce. From our culture to professional development, we prioritize our team. We live by our core values every day and hope you will as well! Come join a Top Workplaces organization!
JOB SUMMARY:
We are looking for a skilled System Engineer to help contribute to our Mission Engineering team environment with other systems, software and specialty engineers to develop solutions that includes a background in all aspects of the systems engineering life cycle. You will be part of a talented team of engineers that demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance and security.
POSITION RESPONSIBILITIES:
Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts, perform annual validation of accounts, and work with system administrator on creation, modification, and removal of accounts Perform assessment of systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP, etc and active evaluations such as vulnerability assessments utilizing ACAS. Perform Security Technical Implementation Guide (STIG) assessments and hardening for both Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS Develop test plans reflecting how STIG checks are implemented and be able to show expected outcomes of those checks Update Risk Management Framework (RMF) artifact documentation to ensure system hardening non-compliant is tracked and remediated Establish strict program control processes to ensure mitigation of risks and supports obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M) Periodically conduct a complete review of each program support and operational system audits and monitor corrective actions until all actions are closed Coordinate across the program to address identified deficiencies during RMF assessment activities. QUALIFICATIONS:
Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.) Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS) Understanding of Risk Management Framework (RMF) Cybersecurity Lifecycle to include: identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, providing analysis of vulnerability analyses, conducting verification testing for compliance assessment. Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify)
Preferred Skills: Windows and Red Hat Enterprise Linux (RHEL) system administration skills Previous background working in a virtual environment Previous background working with dockers and containers Administer ACAS and ESS (formally HBSS) Previous experience with ConfigOS EDUCATION/CERTIFICATIONS:
BS/MS degree in Computer Science, Engineering or a related subject preferred Minimum Active TOP SECRET Clearance Required IAT Level II Certification Required
$100,000 - $120,000 a year
Benefits:
Benefit offerings include medical, dental, vision, life insurance, disability, flexible spending accounts, paid holidays, flexible PTO program, 401k program. Come join a Top Places to Work organization!
U.S. Citizenship is required for all positions at Zivaro, due to security clearance and government/federal contracts held by Zivaro.
EEO STATEMENT
Zivaro, Inc. is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Zivaro prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.
Zivaro isn't just about technology-it's about people. We thrive on the energy, talent, and dedication of our workforce. From our culture to professional development, we prioritize our team. We live by our core values every day and hope you will as well! Come join a Top Workplaces organization!
JOB SUMMARY:
We are looking for a skilled System Engineer to help contribute to our Mission Engineering team environment with other systems, software and specialty engineers to develop solutions that includes a background in all aspects of the systems engineering life cycle. You will be part of a talented team of engineers that demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance and security.
POSITION RESPONSIBILITIES:
Process and track DD Form 2875 user account forms and required training for privileged and non-privileged accounts, perform annual validation of accounts, and work with system administrator on creation, modification, and removal of accounts Perform assessment of systems and networks within a virtual environment and identify where those systems deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits using STIG Viewer, SCAP, etc and active evaluations such as vulnerability assessments utilizing ACAS. Perform Security Technical Implementation Guide (STIG) assessments and hardening for both Windows, Red Hat Enterprise Linux (RHEL) systems, and networking equipment utilizing ConfigOS Develop test plans reflecting how STIG checks are implemented and be able to show expected outcomes of those checks Update Risk Management Framework (RMF) artifact documentation to ensure system hardening non-compliant is tracked and remediated Establish strict program control processes to ensure mitigation of risks and supports obtaining assessment and authorization of systems. Includes support of process, analysis, coordination, control certification test, compliance documentation, as well as investigations, software research, hardware introduction and release, emerging technology research, inspections, and periodic audits Assist in the implementation of the required government policy (i.e., NISPOM, NIST, DoD), making recommendations on process tailoring, participating in and documenting process activities Perform analyses to validate established cybersecurity controls and requirements and to recommend cybersecurity safeguards Support program test milestones through pre-test preparations, participating in the tests, analysis of the results, and preparation of required artifacts supporting authorization Prepare artifacts such as Test Results (TR), Authorization Boundary Diagrams (ABD), Network Topologies, Flow-diagrams, Hardware and Software listings, Ports, Protocols, and Services Management documentation, supporting Assessment and Authorization activities and maintain the Plan of Actions and Milestones (POA&M) Periodically conduct a complete review of each program support and operational system audits and monitor corrective actions until all actions are closed Coordinate across the program to address identified deficiencies during RMF assessment activities. QUALIFICATIONS:
Security engineering skills with a working knowledge of cybersecurity technology and DoD/Federal cybersecurity policy (i.e., DoDI 8500.01, NIST SP 800-53, etc.) Understanding and utilization of Enterprise Mission Assurance Support Service (eMASS) Understanding of Risk Management Framework (RMF) Cybersecurity Lifecycle to include: identifying controls and overlays, generating testable requirements, identifying resilient architecture design, configuring, running, and scripting audit tools, providing analysis of vulnerability analyses, conducting verification testing for compliance assessment. Knowledge of Software Assurance (SwA) static and dynamic code analysis (e.g. Fortify)
Preferred Skills: Windows and Red Hat Enterprise Linux (RHEL) system administration skills Previous background working in a virtual environment Previous background working with dockers and containers Administer ACAS and ESS (formally HBSS) Previous experience with ConfigOS EDUCATION/CERTIFICATIONS:
BS/MS degree in Computer Science, Engineering or a related subject preferred Minimum Active TOP SECRET Clearance Required IAT Level II Certification Required
$100,000 - $120,000 a year
Benefits:
Benefit offerings include medical, dental, vision, life insurance, disability, flexible spending accounts, paid holidays, flexible PTO program, 401k program. Come join a Top Places to Work organization!
U.S. Citizenship is required for all positions at Zivaro, due to security clearance and government/federal contracts held by Zivaro.
EEO STATEMENT
Zivaro, Inc. is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Zivaro prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.