CyberSecurity Engineer (Remote Opportunity)
VetsEZ
- Virginia
- Permanent
- Full-time
- Communicate and provide consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO).
- Coordinate and lead security and privacy activities within project teams and develop security and privacy-related artifacts.
- Implement cybersecurity requirements for IT systems and applications, documenting them in formal security engineering documents using the Risk Management Framework.
- Perform security analysis to identify gaps, implement compensating/mitigating controls, and assess residual risk.
- Identify security risks through security impact analysis, system risk assessments, and technology security risk reports.
- Conduct security compliance evaluations on IT products using various security evaluation tools.
- Assess operating system and security configuration guidelines for IT product initialization and deployment using NIST SP 800-53 Security Controls.
- Conduct and analyze security evaluation tools results from Tenable Nessus, Nmap, SCAP, and Wireshark.
- Assess operating system and security configuration guidelines into images for IT product initialization and deployment within the infrastructure SCAP-SCCD-BigFix.
- Experience working in the FedRAMP cloud environment, understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities.
- Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, or any other relevant discipline is required.
- A minimum of five (5) years of Information Security Experience, of which at least 3 years are of Cybersecurity and Cloud Security experience at a large Government agency similar in size/scope to GSA, IRS, DoD, or VA.
- Expert communication and consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO), using Risk Management Framework (RMF).
- Experience and Technical knowledge of Network and Software Development.
- Experience in the creation of Security-Specific documentation such as Incident Response, Contingency Planning, and Disaster Recovery processes.
- Familiarity with the security controls outlined by the National Institute of Standards and Technology (NIST), as well as the Governance, Risk Management Framework (RMF), and security compliance procedures.
- Skilled in providing support for system Authority to Operate (ATO) processes, including the creation of artifacts, implementation of controls, and development of POAMs.
- Capable of facilitating meetings, conducting a thorough analysis of authorization documents and associated artifacts to identify any gaps, establishing a schedule to address outstanding authorization requirements, and effectively coordinating with stakeholders within the system team.
- Proficient in utilizing the Enterprise Mission Assurance Support Service (eMASS) tool to manage intricate system records.
- Experience in IT and Cloud design, security, development, systems engineering, and implementation efforts.
- Ability to obtain a government clearance.
- One or more of the following: IAT II, IAM II or IASAE II certifications: ISC2 CISSP, ISC2 CAP, ISC2 SSCP, ISC2 CCSP, ISC2 ISSEP, ISACA, CISM, CISA, ISC2, EC-COUNCIL CEH, CompTIA Security+, CompTIA Network+
- Medical/Dental/Vision
- 401k with Employer Match
- PTO + Federal Holidays
- Corporate Laptop
- Training opportunities
- Remote Opportunity