Cybersecurity Engineer (RMF/ATO) Job at Schubringglobal in Sterling
Schubringglobal, Sterling, VA, United States, 22170
SGS was founded in 2013 to provide elite security consulting to forward-thinking organizations. Our customers recognize that security is not a commodity and requires the best advice possible for the best value.
Our approach is straightforward. Our team has been on both sides of the table, and we firmly believe in treating our customers the way we would expect to be treated. Every member of our team embraces our core values. We will not compromise our integrity, and we will only act in our customers' best interests.
As security practitioners, we embrace the impact of our actions and recommendations on our customers and their people. We operate as trusted partners…because that is what we are.
We are seeking a Cybersecurity Engineer to become a valued member of our team supporting a government client. The work entails conducting assessments related to RMF and other standards to ensure the client maintains an ATO.
Key Responsibilities:
- Working as a member of the design team to ensure cybersecurity is built into the system.
- Performing the technical hardening and documentation of the system.
- Conducting cybersecurity hardening activities: system patching; updating applications, OSs, firmware, antivirus, etc.; applying Secure Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs); and meeting any other secure configuration requirements.
- Applying all applicable Defense Information Systems Agency (DISA) STIGs and SRGs to all system components. This includes all OS, Firmware, Group Policy, Domain, Network, and Application-Specific STIGs/SRGs.
- Using the automated Security Content Automation Protocol (SCAP) tool to evaluate STIG/SRG compliance.
- Completing STIG/SRG checklists for system components.
- Conducting vulnerability scans using Nessus (ensuring ACAS compatibility).
- Developing documentation to support the project (e.g. Implementation Plan, Security Controls, diagrams, and anything related to the RMF/RMF AO package).
Required Degree/Certifications:
- 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
- Possess one of the following certifications: CCNA-Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP, CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP
Required Experience:
- Five years of cybersecurity experience in performing system hardening.
- Demonstrated experience with performing STIG implementation.
- Demonstrated experience performing vulnerability assessments with Nessus and Assured Compliance Assessment Solution (ACAS)-compliant scans.
- Demonstrated experience remediating vulnerability findings to include implementing vendor patches on both Linux and Windows Operating Systems.
Other Requirements:
- Travel up to 50%
- Be willing to submit to a government suitability investigation.
- Familiarity with the following:
  - UFC 4-010-06 Cybersecurity of Facility-Related Control Systems
  - AR 25-2 Army Cybersecurity
  - AR 190-51 Security of Unclassified Army Resources
  - DoD Directive 8140.01 Cyberspace Workforce Management
  - DoD Instruction 8500.01, Cybersecurity
  - DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT)
  - Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)
- Have completed, or be willing to complete, Antiterrorism/Operations Security (AT/OPSEC)
Other:
Travel: 50%
Location: Sterling, Virginia (On-Site)
Job Type: Full time
Career Level: Mid-career
Category: Engineering
Exemption Type: Exempt
United States Citizenship is Required
Security Clearance: Must successfully pass a company background check.
SGS is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, national origin, age, protected veteran status, or disability status.
The pay range for this role is:
95,000 - 100,000 USD per year (Sterling, VA)