Logo
Excentium

Sr. Cybersecurity Engineer (ISSO)

Excentium, Bethesda, Maryland, us, 20811


Sr. Cybersecurity Engineer (ISSO)

Summary

Title:Sr. Cybersecurity Engineer (ISSO)

ID:487

Department:All

Location:Bethesda, MD

Description

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.

We have an opportunity for a Sr. Cybersecurity Engineer to support one of our Federal customers.

MINIMUM CLEARANCE LEVEL: DOD Secret

CITIZENSHIP: US Citizenship

LOCATION: Remote with some on site required in Bethesda, MD

The Sr. Cybersecurity Engineer will analyze and define security requirements for Multi-Layer Security (MLS) issues. Perform risk analyses, which include risk assessment. Activities will include risk assessments, annual reviews, and ATOs. Prepare and maintain a current POA&M that identifies system weaknesses, vulnerabilities and proposed mitigation activities- recommendations, mitigation schedules based on the availability of resources required, points-of contact that are responsible for mitigation activities, and status of the mitigation/remediation activities. Support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for latest programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities. Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with Defense Health Agency (DHA) directives and applicable Risk Management Framework (RMF) requirements. Provide support for a system or enclave's information assurance program through security authorization activities in compliance with RMF. Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Draft documentation needed to announce new cyber security initiatives and participate in building and implementing processes surrounding cyber security.

Responsibilities:

Develop/maintain processes that implement the DoD Security program.

Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,

Lead in the development of Plan of Action and Milestones (POA&M) and compliance.

Develop ATO package for reaccreditation.

Work with DHA ISSM to meet all Cyber standards for DHA system

Manage POA&Ms and mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.

Support Validation of IT security architecture for compliance.

Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program.

Conduct Incident Response and forensic analysis when necessary

Assist in management of the assessment/authorization program for Health Information Technology (HIT) information systems.

Ensure compliance with DHA RMF policies and procedures.

Maintain the electronic registration of systems in Enterprise Mission Assurance Support Service (eMASS), DoD Information Technology (IT) Portfolio Repository (DITPR), or other Portfolio as directed.

Update documentation as system information changes

Coordinate Annual Security Assessment Reviews

Support/Perform assessment of NIST 800-53 controls

Perform Vulnerability scanning and remediation

Required Education:

BS/BA preferred in Computer Science or related field of study (can be substituted for 5 years professional experience)

IAT Level II Certification- Security +, CCNA-Security

CISSP is a plus

Required Skills:

Minimum 5 years’ experience within Cyber Security field

Understanding DOD STIGs and ability to provide direction based on STIGs

Strong knowledge of Risk Management Framework (RMF)

Must be capable of independent management of projects (Experience in MS Project or similar).

Able to work in team environments and independently

Ability to write procedures and other informative correspondence

Ability to read, analyze and interpret security regulations

Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues

Knowledge of eMASS

We take pride in building a workforce with a strong Veterans focus

Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

Excentium, Inc. is an equal opportunity employer