Cyber Engineer-SME

Cyber Engineer- SME

Digiflight, Inc. is seeking a Cyber Engineer that will assist with providing a highly technical and in-depth penetration testing support on a SAFe Agile DevSecOps Program.  The role requires support specializing in penetration testing and ethical hacking, to target, assess, and exploit risk and vulnerabilities of information systems. The intent is to provide senior decision makers with documented and actionable data to aid in making strategic investment decisions. 

Primary Responsibilities

a)           Responsible for the protection and security of the systems that store data

b)           In charge of the network and systems in a security capacity and plans and execute security measures accordingly

c)            Implementing safeguards that prevents intrusions and breaches.  

d)           Responsible for providing cybersecurity engineering services for classified and unclassified networks of computer systems running the Windows and Linux Operating Systems.  

e)           Provide cybersecurity engineering support for Local area development networks (both Windows and Linux) 

f)            Provide cybersecurity engineering support for local area networks that tie together the computing nodes of the trainers. 

g)           Develop creative solutions to complex technical issues and problems

h)           Assist with maintaining a strong cybersecurity posture

i)             Assist in developing new policies, design processes, and procedures, and develop technical designs to secure the development environment and trainer systems

j)            Assess system vulnerabilities, implement risk mitigation strategies, validate secure systems, and test security products and systems to detect security weakness 

k)           Implementing safeguards that prevent intrusions and breaches. 

l)             Reconstruct a malicious attack or activity based off network traffic

m)          Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools

Basic Qualifications

a)           Certified Information Systems Security Professional (CISSP) certification 

b)           Extensive experience with cyber penetration testing

c)            Extensive  experience applying computer attack methods and system exploitation techniques

d)           Extensive working knowledge of cyber security principles for Linux, Windows, and virtual platforms

e)           Extensive  experience designing, testing, or implementing IT security architecture

f)            Extensive  experience performing network security analysis

g)           Extensive  experience analyzing network architectures 

h)           Extensive  experience with detection system (IDS) tools

i)             Extensive  work experience in cyber security or related IT field

j)            Extensive  experience using network management tools

k)           Extensive  experience leveraging adversarial tactics to conduct hands-on security testing

l)             Extensive  experience developing risk management methodologies

m)          Extensive  experience analyzing test results to develop risk and threat mitigation plans

n)           Extensive  experience testing or reviewing system configuration, development, and design specifically around enterprise systems and hypervisors 

o)    Extensive experience designing, testing, or implementing complex Windows installations

p)           Experience with Cloud services offered by Microsoft or Amazon.  Azure Sentinel (SIEM) is most desired between the two

Candidate must be a US Citizen

Candidate must have an active TS/SCI

Candidate must have a MA/MS degree with a minimum of 15 years of experience. This may be substituted with a BS/BA degree and a minimum of 20 years of total experience.  

Preferred Qualifications

One or more of the following professional certifications: 

GNFA

GCIH 

GCIA

GSEC 

CASP

 CySA  

PaLMS 

FedVTE 

GSEC (SANS401) 

Arcsight (or other SEIM solution) 

Network  

Security

Our People 

DigiFlight attracts the most highly skilled workforce to protect some of our nation’s most sensitive systems. Before joining the company, many DigiFlight professionals served our country in a civilian and/or military capacity. Our diverse team provides innovative solutions as they support critical clients in tackling tough challenges. Most importantly, our team is passionate about their work and making a difference.

Our corporate culture promotes a healthy work/life balance.

Our Benefits

DigiFlight’s competitive benefits package allows employees to manage their personal and professional portfolios through a variety of features and programs. Our benefits include:

• Health, Dental, Vision, and Flexible Spending Account
• Paid Time Off (PTO)
• 11 paid holidays
• Tuition Education Assistance
• Professional Development
• 401(k) retirement plan
• Life insurance and short- and long-term disability insurance
• Employee Referral Program
• Marketing Incentive Plans

DigiFlight, Inc. (DFI) is an Affirmative Action, Equal Opportunity Employer. DFI offers a highly competitive, family-oriented benefits package.

Performs comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls in accordance with NIST 800-53.

Principal Duties and Responsibilities (*Essential functions)

·       Review RMF Packages for completeness and technical accuracy. 

·       Assess documented designs for compliance with NIST 800-53 and DOD related policies for on premise and cloud-based solutions

·       Perform Risk Assessment IAW with Army RMF 2.0 policy.

·       Review security design artifacts to determine the risk profile of the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), and other documents as needed.

·       Review information systems assurance and accreditation material

·       Provides recommendations for protecting networks, workstations, servers, and IT assets.*

·       Involved in conducting audits to ensure information systems security policies and procedures are implemented as defined in security plans and best practices. *

·       Additional duties include assist Vulnerability Disclosure Program (VDP) to perform investigation and provide mitigation information to the users when needed.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here. 

Required Experience

Required Qualifications

·       Associate’s Degree or a Bachelor’s Degree in related field, or equivalent experience.

·       Minimum of 3 related certifications may be used in place of unrelated degree field.

·       Minimum of 4-7 years of work related experience.

·       Must be able to obtain a Security CE certification, or equivalent, within 6 months of hire.

·       Prior experience with eMASS and RMF.

·       Strong written and verbal communication skills.

·       Secret DoD Security Clearance required;  US Citizenship required.

Preferred Qualifications

·       Active Security CE certification or equivalent.

·       Understand Risk Assessment methodology.