What are the responsibilities and job description for the Cyber Engineer I-III position at Human Resources Research Organization?
Cyber Engineer I-III
Location: Alexandria, Virginia
The Human Resources Research Organization (HumRRO) is a non-profit leader in applied research, evaluation, and analytics in the arenas of employment, student, and military testing, and professional credentialing and licensing. We work with federal and state government agencies, private sector organizations, and professional associations.
About the Organization
As a non-profit, HumRRO is dedicated to work that contributes to science and society. Our employees enjoy a highly collaborative and supportive environment that fosters innovation, ethical practice, and outstanding customer service. Our core operational staff includes Behavioral Science and Educational Research professionals. We are committed to supporting a diverse workforce and to practicing equity and inclusion for all staff.
About the Job
About the Role: We are seeking a hands-on Junior to Mid-Level Cyber Engineer to join our dynamic team. This role is crucial in maintaining and enhancing our organization's cybersecurity posture. The ideal candidate will be involved in various aspects of our security operations, from conducting vulnerability assessments to analyzing security logs and artifacts. Your role will consist of performing NIST 800-171 and 800-53 (RMF) support for Federal, DoD, and DoD contractor IT systems by conducting risk assessments, developing RMF package components and test plans, and assisting in documentation on cybersecurity technologies, best practices, policies, and procedures. Other tasks include maintenance and technical reviews of IA security processes, assuring requirements for continuous compliance activities, annual control assessments, monitoring POA&Ms, MFRs, and IA artifacts, creating and updating security documentation, and developing mitigations for maintaining compliance.
The position is onsite at a HumRRO office in Alexandria, VA (hybrid work setting and other offices in Minneapolis, MN; Louisville, KY; San Diego, CA; or Monterey, CA may be considered).
U.S. citizenship is required for this position based on government contract requirements.
Key Responsibilities:
- Assist in performing penetration testing and vulnerability assessments using tools such as OWASP ZAP, Burp Suite, and Kali Linux
- Conduct analysis of user access and behavior using analytics and security monitoring tools
- Review and analyze scan results from tools like SonarQube/Fortify to identify security issues and propose remediation actions
- Collaborate with development teams to address and remediate security findings
- Review and investigate issues found in error and audit logs
- Conduct monthly security reviews; capture and document necessary compliance evidence
- Assist in maintaining HumRRO's NIST 800-171, ISO 27001:2022 and CMMC control evidence catalogs
- Maintain SaaS compliance data and provide monthly reports on NIST 800-171, ISO 27001:2022 and CMMC compliance status
- Assist in developing and maintaining compliance-related policies, processes and procedures
- Assist in third-party NIST 800-171, ISO 27001:2022 and CMMC compliance audits
- Stay current with the latest security threats, vulnerabilities, and industry best practices
- Assist in maintaining compliance with relevant security standards and regulations such as NIST 800-171, NIST 800-53 (RMF for DoD), and CMMC
Required Qualifications:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience)
- DoD clearance T/3 (public trust) eligibility and U.S. citizenship
- 1-3 years of experience in cybersecurity or related IT roles
- Knowledge of secure coding practices and web application security
- Familiarity with common security tools and technologies
- Strong analytical and problem-solving skills
- Knowledge of NIST frameworks and other security standards
- Excellent communication and collaboration abilities
- Willingness to learn and adapt to new technologies and methodologies
Desired Qualifications:
- Relevant security certifications, such as CCSP or CISSP
- Experience with cloud DevSecOps (AWS, Azure, or GCP)
- Familiarity with DevSecOps practices, DISA standards, enterprise-level work with security policies, and network administration and support within AWS GovCloud
- In-depth operational knowledge of IA controls and secure configurations, with proficiency using ACAS, HBSS, and IAVM reporting
- Experience analyzing system configuration per DISA STIG using STIGviewer and SCAP to mitigate security vulnerabilities
- Exceptional skills responding to IAVAs as necessary to address system vulnerabilities and remediating findings in FISMA and DIACAP audit reports
- Review proposed new systems, networks, and software designs and concepts for potential security risks, recommend mitigations or countermeasures and resolve integration issues.
- Proficient with eMASS package development.
- Detailed knowledge of Federal and DoD directives, including RMF and DIACAP, and of ensuring that these security policies, standards, and procedures are enforced
- Strong knowledge of RMF/NIST and Assessment and Authorization processes
What We Offer:
- Opportunity to work on challenging projects and make a significant impact on our organization's security
- Collaborative environment with experienced security professionals and software engineers
- Continuous learning and professional development opportunities
- Competitive salary and benefits package
If you are passionate about cybersecurity and ready to take your career to the next level, we encourage you to apply. Join us in our mission to build and maintain a secure application landscape!
All qualified applications will receive consideration without regard to race, color, religion, sex, national origin, age, marital status, sexual orientation, gender identity, veteran status, medical condition, or disability. EEO/AA Employer/Vet/Disabled.
Named one of "50 Great Places to Work" by Washingtonian magazine, 2019, and one of the "Top Workplaces" by The Washington Post for 2020 and 2021.