Cyber Security Engineer

Job Title: Cyber Security Engineer                                                                                                                          

Location: San Antonio, TX (Randolph AFB) 

Clearance:  Active Secret Security Clearance (Required)

Citizenship: US Citizen                                                                                       

AttainX, Inc. is in search of a highly energetic Cyber Security Engineer with strong communication skills and organizational skills to support our government client.

Qualifications and Education Requirements:

• An IA Level II certification (Certified Authorization Professional (CAP), CompTIA Advanced Security Practitioner (CASP), Certified Information Security Manager (CISM)) or higher is required.
• Must have experience completing tasks such as Security Control Validation in the DoD/AF directed cybersecurity management tool, currently Enterprise Mission Assurance Support System (eMASS), Account Management of the DoD/AF directed cybersecurity management tool, e.g. eMASS, and Federal Information Systems Management Act (FISMA) compliance.
• Must have experience related to Assessment & Authorization (A&A) and function/perform as the Information System Security Manager (ISSM). 
• Must have experience with all phases from start to finish of system accreditation via Risk Management Framework (RMF), as well as experience with associated tools (eMASS, Information Technology Investment Portfolio Suite (ITIPS), Security Technical Implementation Guides (STIG) viewer) and standards.
• Must have familiarity with Air Force, DoD, and national cybersecurity standards, policies, and directives.
• Must have experience with using enterprise-level account administration/management tools (e.g., IAO Express, Active Directory Users and Computers, CIPS).

Skills:

• Applying practical concepts of Cyber security
• Expertise in Microsoft office 

Duties:

• The candidate shall perform the ISSM duties as outlined in DoDI 8500.01 to manage the cybersecurity architecture, requirements, personnel and procedures for the Information System Owner.
• Shall track contracted cybersecurity personnel certification documentation; validate access agreements and compliance with cybersecurity baseline requirements.
• Review documentation to ensure they satisfy Security Engineering and Certification requirements.
• Assist with the review of entered information in the Information Technology Investment Portfolio System (ITIPS) and provide IT Portfolio Management functions.
• Coordinate security-related activities with information security architects, other ISOs, SCA, SCAR, WCO and AO.
• Track Cyber Tasking Orders and provide status for all assigned systems. (See PWS Assigned Systems Attachment 2.).
• Ensure systems are deployed and operated IAW approved system security plan.
• Assess and guide the quality, completeness of A&A activities, tasks, and resulting artifacts under RMF.
• The candidate shall provide ISSO functions for the legacy information systems IAW DoDI 8500.01, Cybersecurity, and AFI 17-130, Air Force Cybersecurity Program Management for all IA support services.
• The candidate shall provide initial authorization package creation and ATO maintenance support. )
• The candidate shall create all RMF authorization package documentation and create and document all artifacts as necessary and in addition to more specific requirements imposed by cognizant authorizing official, or other approving authorities. 
• Conduct and interpret automated scan reviews; perform and interpret automated scanning tools.
• Analyze, remediate and document vulnerabilities by: a) Performing vulnerability analysis, b) remediate vulnerabilities posing a corresponding risk to operations (e.g., remove or quarantine), and c) document residual risks into POAMs. 
• Scan for and apply remediation in accordance with Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRG), Security Readiness Review (SRR) tools, and generate DISA checklists and/or artifacts.
• Prepare ISs for the authorization process by making them compliant within the timeframe prescribed by the Information System Security Manager (ISSM) and/or Information System Owner. 
• Perform ATO maintenance for all RMF authorization packages and create and document all artifacts as necessary and in addition to more specific requirements imposed by cognizant authorizing official, or other approving authorities. 
• Maintain the IS artifacts, update artifacts based on change management and reporting required by DoD, SAF/Chief Information Officer (CIO), and eMASS.
• Perform all requirements to prepare ISs for the re-authorization process by making them compliant within the timeframe prescribed by the cognizant ISSM. 
• Assist the Government with performing Security Impact Assessments of proposed or actual changes to the ISs and their environment of operation then document findings in a Security Impact Assessment Report.
• Assess, document, and report all security controls, including but not limited to technical, management, operational, not applicable, and inherited by, the ISs.
• Address all conditions in ATO and PIT Risk Assessment (PRA) letters.
• Perform recurring real-time reviews of system artifacts for the accredited ISs as a result of maintenance performed and change management activities.
• Perform an annual review of IACs for the accredited ISs.
• Report the security status of the ISs (including the effectiveness of security controls employed within and inherited by the system) to the Authorizing Official (AO) – through the ISSM – and other appropriate organizational officials IAW the monitoring strategy, including, but not limited to, monthly status updates.
• Review the reported security status of the ISs (including the effectiveness of security controls employed within and inherited by the ISs) on an ongoing basis IAW the monitoring strategy to determine whether the risk to operations, organizational assets, individuals, or other organizations remains acceptable.

Non-Essential Functions:

• General Duty Requirements 

About Us

AttainX Inc. is SBA Certified 8(a), Women Owned Small Business (WOSB), Economically Disadvantaged WOSB (EDWOSB), CMMI Level 3, ISO 9001:2015 certified QMS and Silver Level SaFe Partner.  For more than 12 years, AttainX, Inc. has delivered emergent technologies, software products, and high-quality services that meet the needs of our Federal Government customers.  

The last 3 years have shown significant company growth as we have increased our contracts portfolio and hold the “Best in Class” contract vehicles, GSA MAS and OASIS Small Business and 8(a) Pools 1, 2 and 3. In addition, we are prime on several Agency Specific IDIQ’s and BPA’s with the National Oceanic and Atmospheric Administration, Department of Energy, Navy, Health and Human Service and the Defense Intelligence Agency.

AttainX is dedicated to quality and best practices for the services we provide. We understand our people are the key ingredient to ensuring our customers Mission and Goals are met with excellence. 

Benefits  

We are proud to offer competitive compensation and benefits packages to include paid vacation, medical, dental, vision, matching 401K plan, tuition/training reimbursement, and Long & Short Term Disability. 

EEO Commitment:

AttainX is an equal employment opportunity/affirmative action employer, we are committed to providing a workplace that is free from discrimination based on race, color, ethnicity, religion, sex, national origin, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, pregnancy, genetic information, or any other status protected by applicable federal, state, local, or international law. These protections also extend to applicants. Follow the links below to find out more;

EEO is Law Poster

EEO is Law Supplement

Pay Transparency Nondiscrimination Provision

Accommodations:

If you are an individual with a disability and would like to request a reasonable workplace accommodation, please send an email to HR@AttainX.com.  Indicate the specifics of the assistance needed. 

Physical Demands:

Sitting and working on a computer for long, continuous periods each day; effective communications by telephone, email, and face-to-face; standing, walking, and sitting; handling and feeling objects or controls; reaching; talking and hearing; lifting and/or moving up to 10 pounds; and specific vision abilities including close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.