Ennoble First, Inc.

Cybersecurity Engineer Job at Ennoble First, Inc. in Chantilly

Ennoble First, Inc., Chantilly, VA, United States, 22021


Cybersecurity Engineer

Location: Chantilly, VA, Springfield, VA, Gaithersburg, MD
Required Clearance: TS/SCI (minimum) - CI poly preferred
Employment Type: Full-Time Regular
Shift: Day
Travel: No
Relocation Assistance: Yes

Overview:
Ennoble First is looking for Cybersecurity Engineers for a mission-critical program supporting the NGA. This program provides development, security, test, integration, deployment, and sustainment support for over a dozen mission-critical exploitation capabilities, and each system has its own specific requirements and infrastructure. This role is part of a larger team of Cybersecurity Engineers under the contract's security team. We are seeking technical, self-motivated Cybersecurity Engineers who are versatile and flexible in responding to changing priorities from multiple customers. Candidates must work well in an Agile Scrum environment.
  • Maintaining the accreditation of the assigned Security Plans to the ICD 503 RMF requirements
  • Ensuring that the architecture and design of DOD information systems are functional and secure.
  • Providing expertise at all engineering, change, configuration control and other meetings.
  • Participating in security/risk assessment during the certification and accreditation process.


Primary Responsibilities:
  • For all assets maintained and falling under the contract area of responsibility, the Cybersecurity Engineer will conduct the following activities:
    • Provide assessment and authorization (A&A) services in accordance with ICD 503 Risk Management Framework to include:
    • Continuous monitoring (ACAS scans) and collection and review of ACAS scans. Document and recommend mitigation actions.
    • Hands on STIG remediation and collection and review of STIG scans. Document and recommend mitigation actions.
    • IAVA remediations
Support A&A compliance with:
  • Information assurance policies, standards, and guidelines
  • Security risk assessments
  • Continuous monitoring
  • Continuity planning
  • Develop/maintain security documentation per NGA/IC/DoD/Industry standards and policies
  • Coordinate all A&A initiation and renewal activities working with the NGA Designated Authorization Official (DAO or DAOR)
  • Address any Information Assurance or Cybersecurity notices, orders, taskings, or directives as required following the NGA operations vulnerability and patch management process.
  • Attend and participate in weekly vulnerability and risk management meetings.
  • Ensure that all services, operational systems, devices and applications are compliant and sustain compliance with the most current Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs), Information Assurance Vulnerability Management (IAVM) requirements, and approved security updates.
  • Perform security audits and assessments - create Plans of Action and Milestones (POAMs)
  • Coordinate with System Administrators and others for the remediation of all vulnerabilities and report results. For any open vulnerability, document, obtain approval and status POAMs.
  • Participate in the development, implementation, and testing of disaster recovery methods and procedures for the ITDR Plan
  • In coordination with NGA Government personnel, ensure the appropriate
  • Conduct technical and administrative STIG/SRG reviews for all CCRI technology areas
  • Assist in the preparation and delivery of monthly and quarterly Assessment and Compliance Status Reports
  • Support remediation of findings from routine NGA vulnerability scanning, A&A assessments, or inspections with NGA service providers.
Education/Experience Requirements:
  • Requires Bachelor's Degree and 6 - 8+ years of prior relevant Cybersecurity experience (or additional experience in lieu of degree)
  • Ability to lead RMF A&A tasks to achieve ATO
  • Solid experience with ACAS Nessus Vulnerability Scanning, Review and Remediation
  • Solid experience with STIG reviews and mitigation of findings
  • Experience with HBSS McAfee End Point Protection
  • Experience with POA&M oversight and mitigation
  • Experience with conducting Continuous Monitoring (ConMon) scheduled tasks of critical NIST SP800-53 controls
  • Familiar with AWS Cloud architecture, concepts and services
  • Experience with Windows Server and Linux operating systems (Scanning, Patch Mgmt, STIG Hardening).
  • DoD 8570 certification required; minimum certification is Security+ CE.
Desired Skills:
  • NGA experience desired.


Equal Opportunity Employer
Minorities / Females / Veterans / Individuals with Disabilities / Sexual Orientation / Gender Identity