Cybersecurity Engineer (Mid-Level)

At Credence, we support our clients' mission-critical needs, powered by technology. We provide cutting-edge solutions, including AI/ML, enterprise modernization, and advanced intelligence capabilities, to the largest defense and health federal organizations. Through partnership and trust, we increase mission success for war-fighters and secure our nation for a better future.

We are privately held, are repeatedly recognized as a top place to work, and have been on the Inc. 5000 Fastest Growing Private Companies list for the last 12 years. We practice servant leadership and believe that by focusing on the success of our clients, team members, and partners, we all achieve greater success.

We are seeking a mid-level Cybersecurity Engineer to join Credences' Technology Foundation Services Team. The Cybersecurity Engineer supports enterprise cybersecurity operations with an emphasis on Risk Management Framework (RMF) implementation, continuous monitoring, and compliance support for DoD information systems. This role provides cybersecurity engineering support to authorization and audit activities while coordinating closely with technical engineering teams responsible for remediation and system maintenance.

The role emphasizes RMF sustainment and assessment support, with a primary focus on cybersecurity compliance activities. The successful candidate will support assessment preparation, security documentation, POA&M development and tracking, and compliance reporting across on-premises and cloud environments.

• A secret security clearance is required
• DoD 8570 / 8140 IAT Level II is required
• Minimum 5 years of cybersecurity experience, with demonstrated involvement in RMF, compliance, or system authorization support

• Experience supporting RMF documentation, assessments, and continuous monitoring activities
• Familiarity with NIST SP 800-53, RMF, STIGs, and DoD cybersecurity policies
• Experience with vulnerability management processes and POA&M development

Cybersecurity Engineering & RMF Support

• Support RMF lifecycle activities, including control implementation support, assessment preparation, authorization sustainment, and continuous monitoring

• Develop, update, and maintain RMF artifacts in eMASS, including SSPs, POA&Ms, assessment evidence, and supporting documentation
• Support Security Test and Evaluation (ST&E) activities and validation of security control implementation
• Assist with preparation for cybersecurity inspections, audits, CCRIs, CVAs, and other compliance reviews

Vulnerability & Compliance Coordination

• Review vulnerability scan results, STIG findings, and audit outputs to support risk-based remediation planning
• Develop and track POA&Ms associated with vulnerabilities and compliance findings
• Coordinate with engineering and operations teams to ensure remediation actions are documented, validated, and reported
• Provide compliance status updates, metrics, and briefing materials as required

Security Documentation & Reporting

• Develop and maintain cybersecurity documentation, including procedures, plans, technical narratives, and compliance artifacts
• Support change management activities by providing security impact input and documentation updates
• Assist with preparation of leadership reports, dashboards, and compliance briefings

Technical Collaboration

• Provide cybersecurity engineering input to system design, architecture, and configuration discussions
• Collaborate with patching, endpoint, and infrastructure teams while remaining focused on governance, documentation, and compliance
• Support enterprise cybersecurity initiatives, including Zero Trust and cloud security, from an engineering and compliance perspective