Position Summary
You will work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts responsible for supporting Information System Security Engineering efforts. General responsibilities include but are Not Limited to:

• Working closely and supporting team members, vendors, and government customers
• Implementing DoD Security Technical Implementation Guides (STIGs) on traditional Information Technology (IT) and Operational Technology (OT) systems
• Assisting in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process
• Conducting ICS/SCADA system inventories following DoD guidance
• Conducting vulnerability scanning and document system vulnerabilities
• Supporting ISO standardization and Quality inspections
• Participating in continuous improvement of organizational cybersecurity posture

Position / Candidate Requirements

• Requires Top Secret Clearance.
• Education:
  • 5-7 Years of Experience with a Master's Degree in Information Technology, Risk Management, Cybersecurity
  • 7-9 Years of Experience with a Bachelor's Degree in Information Technology, Risk Management, Cybersecurity
  • 10-12 Years of Experience with an Associate's Degree in Information Technology, Risk Management, Cybersecurity
  • 13-15 Years with a High School Diploma

• Required Progressive Experience:

• Working with industry and government agencies on the design of platforms and integrated systems
• Working on government and/commercial projects implementing cybersecurity requirements in a variety of industrial control systems (e.g., building management, electronic security, fire alarm/mass notification, electrical distribution, power management, etc.)
• Proficiency with ACAS and HBSS and mitigation strategies
• Developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data
• Assessment, mitigation, and closure of network vulnerabilities and vulnerability management
• eMASS
• Establishing, managing, and tracking of Plan of Action & Milestones (POA&M)
• Applying STIGs to servers, databases, applications, and other hardware
• Security Readiness Review (SRR) Tools (scripts and ACAS)
• Ability to identify, maintain, and troubleshoot control network components
• Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation
• Awareness of NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security and UFC 4-010-06 Unified Facilities Criteria (UFC) Cybersecurity of Facility
• Working knowledge of operational control systems and implementing a variety of security assessment tools
• Working knowledge of other operational control systems
• Familiarity with DoDIN CCRI/CCORI and CYBERCOM TASKORDS
• Familiarity with various industry products

• One of the Required Certifications:
  • CASP CE
  • CISSP
  • CISSP – ISSAP
  • CISSP - ISSEP
  • CSSLP
  • CISA
  • CISM
• Strong Oral, Written and Presentation Skills with the ability and experience communicating directly with Customers
• Demonstrated background working with multidisciplinary teams
• Demonstrated time management and organization skills to meet deadlines and quality objectives
• Strong MS Excel, Word, PowerPoint, AUTOCAD, Cameo and Visio Skills is a plus.
• Ability to travel domestically and internationally up to 25% of the time.

• Exposure to computer screens for an extended period of time.
• Sitting for extended periods of time.
• Reach by extending hands or arms in any direction.
• Have finger dexterity in order to manipulate objects with fingers rather than whole hands or arms, for example, using a keyboard.
• Listen to and understand information and ideas presented through spoken words and sentences.
• Communicate information and ideas in speaking so others will understand.
• Read and understand information and ideas presented in writing.
• Apply general rules to specific problems to produce answers that make sense.
• Identify and understand the speech of another person.