Position Description

If you seek a rewarding, high profile and challenging position supporting projects for the US Navy- Serco has a great opportunity for you!

This Cybersecurity Engineer role will be on a dynamic team, supporting Team Submarine. Serco supports the US Navy as a prime for their Team Submarine contract supporting the acquisition of submarines.

Bring your expertise and collaborative skills to make an impact towards our military defense and safety of our sailors.

Team Submarine’s Submarine Program Offices are responsible for the acquisition of the nuclear submarines, including the VIRGINIA Class submarines. Submarine programs are major defense acquisition programs and is of significant political importance with Congress and the Office of the Secretary of Defense (OSD).

You must be eligible for a Secret clearance for consideration.

Serco-NA has an opening for a Cybersecurity Engineer to support the U.S. Navy in the Washington, DC area. Submarine experience is a plus. To be successful in this position, you must have strong leadership and problem-solving skills to assist with the daily operation of the program office. You will continually work with team members of all levels, so strongly developed written and verbal communication skills are crucial. You should have knowledge on how the program office functions, so it is best if you have experience working in submarine community.

In this role, you will:

• Perform activities required within the DoD Instruction 8510.01 DoD Risk Management Framework (RMF) (formerly the DoD Information Assurance Certification and Accreditation Process (DIACAP)) to obtain Authorization to Operate (ATO) with Conditions or ATO prior to fielding of all TEAM SUB Enterprise Business Mission Area (BMA), DoD Portion of Intelligence Mission Area (DIMA), Enterprise Information Environment Mission Area (EIEMA), and Warfighting Mission Area (WMA) ashore and afloat systems. Develop RMF accreditation packages using current DoD Instruction 8510.01 accreditation methods, to include the System Authorization Boundary, Hardware/Software/Firmware list, Dataflow Diagram, Security Plan, Plan of Action, and Milestones (POA&M), System Categorization, Enterprise Reporting RMF Scorecard, System Level Continuous Monitoring (SLCM) Strategy, Risk Assessment Report (RAR), Security Assessment Plan (SAP), and Security Assessment Report (SAR). 
• Identify security controls to be implemented, work with system owners to implement and test controls, prepare required artifacts, and complete actions required in the RMF in the timeframe in which they are required.
• Provide subject matter expertise regarding the development of RMF packages and the RMF process for a portfolio of approximately 200 systems. In this capacity, serve as a resource in both package development and in navigating the RMF process for the Team SUB enterprise.
• Serve as Navy Risk Management Framework (RMF) Validator
• Independently validate cybersecurity artifacts developed by TEAM SUB Enterprise system owners (approximately 200 systems) as part of the Risk Management Framework Accreditation and Authorization process that are uploaded to DoN Enterprise Mission Assurance Support Service (eMASS).
• Organize and assist with the updating and coordination of records in the TEAM SUB Enterprise Cybersecurity portfolio of all Business Mission Area (BMA), DoD Portion of Intelligence Mission Area (DIMA), Enterprise Information Environment Mission Area (EIEMA), and Warfighting Mission Area (WMA) ashore and afloat systems. 
• Validate that all DON-specified cybersecurity- specific information systems, including Enterprise Mission Assurance Support Service (eMASS), Procurement Business Intelligence Service (PBIS), DoD IT Portfolio Repository (DITPR)-DON, Vulnerability Remediation Asset Manager (VRAM), the DON Application and Database Management System (DADMS), and the Enterprise Reporting Service (ERS) Cybersecurity Scorecard on Secret Internet Protocol Router (SIPR) network, are continuously accurate and reflect the cybersecurity posture of TEAM SUB and its assigned field activities, including NUWC and SUBMEPP and provide status to TEAM SUB staff. 
• Respond to data calls from DoD, DON, and NAVSEA organizations. 
• Review all system DITPR-DON and DADMS records assigned to the TEAM SUB Enterprise to validate that these systems are current and compliant with Federal Information Security Management Act (FISMA) applicable cybersecurity regulations, as evidenced by the FISMA Scorecard remaining in the compliant (Green) status for a combined portfolio of approximately 200 systems.
• Participate in the TEAM SUB Enterprise/DON’s annual cybersecurity review of all TEAM SUB BMA, DIMA, EIEMA, and WMA Systems. This participation shall include liaison with DON and NETWARCOM personnel to review methodology, validate that TEAM SUB systems are compliant, accurate, and ready for inspection, coordinate reviews, and coach cognizant programmatic and technical personnel to help TEAM SUB personnel ensure that applicable DoD regulations identified by DoDI 8500.01 and DoDI 5000.02 are followed, and that TEAM SUB systems (approximately 200 systems) meet FISMA reporting and privacy requirements.
• Assist in the investigation of inadvertent electronic spillages of classified information, and draft and submit reports to the ASM concerning the spillage and the impact. 
• Assist with the coordination of investigations with NAVSEA, Naval Criminal Investigative Service, Defense Security Service, and other authorities. 
• Initiate and coordinate remediation actions, and track to closure. 
• Educate personnel via Training, Team Talks, e-mail reminders, or through the use of online training to prevent future spillages and recommend policy or procedural changes when needed.
• Provide direct expertise and assistance to ensure that cybersecurity is fully integrated into the system lifecycles of all TEAM SUB acquisition and life-cycle maintenance platform programs in accordance with DoDI 8500.01 and DoDI 5000.02.
• Good communications skills and excellent word processing, database, spreadsheet programs, Microsoft applications.

Qualifications

To be successful in this role, you will have:

• A Bachelor’s degree in computer science, management information systems, cybersecurity, or related fields or equivalent experience.
• A current or active DoD Secret Clearance.
• Five to seven years’ experience with RDT&E and Business IT systems and the phases of Certification and Accreditation (C&A) process.
• A qualification as a Navy Qualified Validator (NQV) as defined by DoD Instruction 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT).
• Experience working with Navy C&A efforts as a Navy Validator. Demonstrated oral and written communication skills to work closely with all levels of personnel involved in IT operations and technical aspects of systems.
• The ability to travel at least 10% of the time.

Additional desired experience and skills:

• Ten or more years of experience in an Information Assurance (IA) or C&A related field. Familiarity with and understanding of Navy IT sites, systems, and infrastructure.

If you are ready to take the next step of your career path, apply today!

Company Overview

Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco’s 9,000 employees strive to make an impact every day across 100 sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.

To review Serco benefits please visit: https://www.serco.com/na/careers/benefits-of-choosing-serco. If you require an accommodation with the application process please email: careers@serco-na.com or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.

Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see our Applicant Privacy Policy and Notice.

Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email Agencies@serco-na.com.

Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.