Title: Mid Security Engineer
Location: Open, United States (Remote)
Travel: Up to 20%
We are seeking a dynamic professional with 5+ years of hands-on cybersecurity experience in performing and/or participating in DoD and/or NIST-based system security assessments, Privacy Assessments, continuous monitoring, and/or other Assessment and Authorization (A&A) activities.
Duties and Responsibilities:
Skills and Qualifications:
- Develop, assess, and analyze cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, RMF for DoD IT, FedRAMP, and departmental standards.
- Perform system/network vulnerability scanning and analysis using both automated tools and manual techniques.
- Assist or lead technical assessments using standard industry tools such as Nessus, DB Protect, WebInspect, ACAS (for DoD), and others.
- Identify and apply vulnerability remediations, fix procedures, and when necessary mitigation techniques.
- Identify and mitigate cyber security risks through formal assessment activities.
- Lead development of detailed reports based on testing and data analysis.
- Participate and lead compliance related discussions (this includes in-depth understanding of applicable compliance frameworks, architectures, and security control requirements (technical and non-technical)
- Work directly with customers to resolve cybersecurity issues and concerns as well as to explain how compliance with various standards and frameworks are achieved.
- Coordinate the day-to-day activities required to deliver a project on time and within budget.
- Attend, participate, and lead regular project meetings; communicate and distill information from technical resources during formal and informal meetings.
- 5+ years of experience in performing and/or participating in FISMA based security Assessment and Authorization (A&A) activities.
- Working-level knowledge of FISMA, NIST/DoD RMF, and NIST SP 800-series publications.
- Must be sufficiently familiar with typical Federal A&A documentation (e.g., System Security Plans (SSPs), System Assessment Plans (SAPs), System Assessment Reports (SARs), Plan of Actions and Milestones (POAMs), and more) in order to contribute to authorship and/or solely author such documents.
- Experience using testing tools such as Nessus/ACAS, SCC, DISA STIGs / STIG Viewer, Wire Shark, Flying Squirrel, etc.
- Exposure to Software Development Lifecycle (SDLC) and related terminology as it relates to Information Security/Information Assurance.
- Self-motivated and able to work in an independent manner or as part of a client delivery team.
- Able to write about and discuss technical security issues in a clear, concise manner.
- Exceptional organizational, planning, and attention to detail skills.
- Able to work in a fast-paced, deadline-driven, remote environment.
- Able to travel at least 25% as required for various client engagements.
- Strong technical background.
- Experience with FedRAMP and Cloud Computing.
- Experience working in a service desk environment and supporting customer infrastructure.
- Coding/Programming experience with one or more of the following tools: Python, Perl, Shell, Bash, Batch, etc.
- Experience and technical knowledge in security engineering, secure architecture development, system and network security, authentication and security protocols, applied cryptography, and application security.
- Bachelor’s degree in IT related field or equivalent technical certifications.
- The following certifications (more than one is preferred): Lunarline, Inc. School of Cybersecurity “Certified Expert” certifications, Security+, CISSP, CEH, SFCP, GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CISM, CCNA, CCNP, Network+, CAP, SANS security certifications, etc.