Cybersecurity Engineer SME / Advisor

Job Title :   Cybersecurity Engineer SME / Advisor

Location : On-site in Fort Belvoir, VA

Duration : Full-time

Qualifications :

• Active Secret or higher
• Active IAM III certification
• Experience in the Army, DoD, or IC at the Headquarters, Department of the Army, or major command level (e.g. ARCYBER, NETCOM, 7th Signal Command, Program Executive Office) or in industry implementing similar solutions

Job Summary :

We are seeking for a CyberSecurity Engineer subject matter expert and advisor to the ECMA who will provide cyber system architecture and engineering expertise, technical advice, develop and review cyber security policy and threat models and support expanding CSSP offerings and C5ISR efforts. Support the Risk Management Framework Cloud (RMFc) process, assist in developing RMFc documentation for customers and application owners across all Cloud service models and shared services. Review and make recommendations of customer RMFc documentation as required and assist the authorizing official (AO) with the certification of all Army cloud instantiations. Provide support to streamline inheritable controls from the Cloud Service provider down to Application owners. Provide recommendation process and procedures to further automate validation checks of STIGs, vulnerability detection, and static code analysis.

Support business continuity activities to include continuity planning, conducting business impact assessments, creating systems and processes of prevention and recovery to deal with potential threats to the Army. In addition to prevention, will enable on-going operations before and during service interruptions or actual execution of a disaster recovery operations. Additionally, will assist with creating spillage processes, ultimately enabling Army customers to immediately remediate.

Support data security throughout the lifecycle in cloud environments (Create, Store, Use, Share, Archive and Delete). Provide expertise in selecting relevant technical solutions to ensure data is secure within all cloud service models. In this role, provide expertise in selection and deployment of a Security Information and Event Management (SIEM) system that is user-friendly and relevant to mission-sets across the Army.

Job Responsibilities :

Experience with Incident Response and SOC operations

Monitoring and analysis of potential threat activity.

Providing engineering support, operations, and maintenance of security tools.

Must be able to run vulnerability and patching reports, analyze data, and respond / resolve customer support tickets relating to aforementioned tools.

In-depth familiarity with Systems Security Categorization, Federal Information Processing Standard (FIPS 199 & 200), Federal Information Security Management Act (FISMA) 2014, Security Assessment Plan (SAP), aggregating risk, remediation of findings, and Ports Protocols Services Management (PPSM)

In-depth operational and technical knowledge of security concepts including, but not limited to Security, Information, and Event Monitoring (SIEM) tools

Practical knowledge of security management processes including, but not limited to, risk management, security planning, IT security control implementation, testing, and logical access controls

Exceptional verbal and written communication skills.

Practical knowledge of Federal Cybersecurity - FISMA, NIST, OMB

Proven ability to meet schedule and performance requirements for IT Security projects

Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls.

Assess solutions’ architectural designs for compliance with NIST 800-53 rev 5 and DOD related policies for on premise and cloud-based solutions; prepare assessment documentation.

Develop security artifacts to support the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures and other documents as needed.

Support systems through all steps of RMF and enable Gov Client to achieve and or maintain authorities.

Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.

Job Required Qualifications :

Bachelor’s degree in Engineering or IT-related field

Active IAM III certification

7 years of professional experience in a related field

3 years of experience in Army, DoD, or IC at the Headquarters, Department of the Army, or major command level (e.g. ARCYBER, NETCOM, 7th Signal Command, Program Executive Office) or in industry implementing similar solutions

Active SECRET clearance (or higher)

Strong working knowledge of large, complex IT environments

Experience implementing solutions and services in a similar-sized organization

Expert ability to communicate effectively in both oral and written forms with all levels of staff

Ability to effectively present information to, and interact well with, different levels of the organization.

Strong technical writing expertise.

Ability to work well in a strong collaborative team-oriented environment.

Strong working knowledge of large, complex IT environments