Sr. Cybersecurity Engineer (ISSO)

Summary

Title:Sr. Cybersecurity Engineer (ISSO)

ID:487

Department:All

Location:Bethesda, MD

Description

Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.

We have an opportunity for a Sr. Cybersecurity Engineer to support one of our Federal customers.

MINIMUM CLEARANCE LEVEL: DOD Secret

CITIZENSHIP: US Citizenship

LOCATION: Remote with some on site required in Bethesda, MD

The Sr. Cybersecurity Engineer will analyze and define security requirements for Multi-Layer Security (MLS) issues. Perform risk analyses, which include risk assessment. Activities will include risk assessments, annual reviews, and ATOs. Prepare and maintain a current POA&M that identifies system weaknesses, vulnerabilities and proposed mitigation activities- recommendations, mitigation schedules based on the availability of resources required, points-of contact that are responsible for mitigation activities, and status of the mitigation/remediation activities. Support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for latest programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities. Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with Defense Health Agency (DHA) directives and applicable Risk Management Framework (RMF) requirements. Provide support for a system or enclave's information assurance program through security authorization activities in compliance with RMF. Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Draft documentation needed to announce new cyber security initiatives and participate in building and implementing processes surrounding cyber security.

Responsibilities:

• Develop/maintain processes that implement the DoD Security program.

• Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,

• Lead in the development of Plan of Action and Milestones (POA&M) and compliance.

• Develop ATO package for reaccreditation.

• Work with DHA ISSM to meet all Cyber standards for DHA system

• Manage POA&Ms and mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.

• Support Validation of IT security architecture for compliance.

• Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program.

• Conduct Incident Response and forensic analysis when necessary

• Assist in management of the assessment/authorization program for Health Information Technology (HIT) information systems.

• Ensure compliance with DHA RMF policies and procedures.

• Maintain the electronic registration of systems in Enterprise Mission Assurance Support Service (eMASS), DoD Information Technology (IT) Portfolio Repository (DITPR), or other Portfolio as directed.

• Update documentation as system information changes

• Coordinate Annual Security Assessment Reviews

• Support/Perform assessment of NIST 800-53 controls

• Perform Vulnerability scanning and remediation

  Required Education:

• BS/BA preferred in Computer Science or related field of study (can be substituted for 5 years professional experience)

• IAT Level II Certification- Security +, CCNA-Security

• CISSP is a plus

  Required Skills:

• Minimum 5 years’ experience within Cyber Security field

• Understanding DOD STIGs and ability to provide direction based on STIGs

• Strong knowledge of Risk Management Framework (RMF)

• Must be capable of independent management of projects (Experience in MS Project or similar).

• Able to work in team environments and independently

• Ability to write procedures and other informative correspondence

• Ability to read, analyze and interpret security regulations

• Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues

• Knowledge of eMASS

  We take pride in building a workforce with a strong Veterans focus

  Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.

  Excentium, Inc. is an equal opportunity employer