Mid Security Engineer

Open, United States
Title:                     Mid Security Engineer
Location:               Open, United States (Remote)
Salary:                  DOE
Travel:                  Up to 20%
 
We are seeking a dynamic professional with 5+ years of hands-on cybersecurity experience in performing and/or participating in DoD and/or NIST-based system security assessments, Privacy Assessments, continuous monitoring, and/or other Assessment and Authorization (A&A) activities.
 
Duties and Responsibilities:
  • Develop, assess, and analyze cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards.
  • Perform system/network vulnerability scanning and analysis using both automated tools and manual techniques. 
  • Assist or lead technical assessments using standard industry tools such as Nessus, DB Protect, WebInspect, ACAS (for DoD), and others.
  • Identify and apply vulnerability remediations, fix procedures, and, when necessary, mitigation techniques.
  • Identify and mitigate cyber security risks through formal assessment activities.
  • Lead development of detailed reports based on testing and data analysis.
  • Participate in and lead compliance-related discussions (this includes an in-depth understanding of applicable compliance frameworks, architectures, and security control requirements, both technical and non-technical).
  • Work directly with customers to resolve cybersecurity issues and concerns as well as to explain how compliance with various standards and frameworks is achieved.
  • Coordinate the day-to-day activities required to deliver a project on time and within budget.
  • Attend, participate in, and lead regular project meetings; communicate and distill information from technical resources during formal and informal meetings.
 
Skills and Qualifications:
Required:
  • 5+ years of experience in performing and/or participating in FISMA-based security Assessment and Authorization (A&A) activities.
  • Working-level knowledge of FISMA, NIST/DoD RMF, and NIST SP 800-series publications.
  • Must be sufficiently familiar with typical Federal A&A documentation (e.g., System Security Plans (SSPs), System Assessment Plans (SAPs), System Assessment Reports (SARs), Plan of Actions and Milestones (POAMs), and more) in order to contribute to authorship and/or solely author such documents.
  • Experience using testing tools such as Nessus/ACAS, SCC, DISA STIGs / STIG Viewer, Wireshark, Flying Squirrel, etc.
  • Exposure to Software Development Lifecycle (SDLC) and related terminology as it relates to Information Security/Information Assurance.
  • Self-motivated and able to work in an independent manner or as part of a client delivery team.
  • Able to write about and discuss technical security issues in a clear, concise manner.
  • Exceptional organizational, planning, and attention-to-detail skills.
  • Able to work in a fast-paced, deadline-driven, remote environment.
  • Able to travel at least 25% as required for various client engagements.
 
Desired:
  • Strong technical background.
  • Experience with FedRAMP and Cloud Computing.
  • Experience working in a service desk environment and supporting customer infrastructure.
  • Coding/Programming experience with one or more of the following tools: Python, Perl, Shell, Bash, Batch, etc.
  • Experience and technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.
 
Education:
  • Bachelor’s degree in an IT-related field or equivalent technical certifications.
 
Certifications:
  • The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications, Security+, CISSP, CEH, SFCP, GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CISM, CCNA, CCNP, Network+, CAP, SANS security certifications, etc.