Cyber Security Engineer 3 with RMF/ATO Expertise
Peraton
- Virginia Beach, VA
- $86,000-138,000 per year
- Permanent
- Full-time
- Responsible for the Security Posture of the application/system via Verification
- Performing SCAP (Evaluate STIG, Tenable Nessus, etc.)
- NSWC IHD is not responsible for scanning via SCAP
- Performing manual reviews via DISA STIGs/SRGs, etc. (completing the finding details/comments section)
- Writing mitigations for open Vulnerabilities
- Remediating open Vulnerabilities
- Assessing the SAs with Security solutions to remediate Vulnerabilities
- Updating/Creating POA&M/RAR
- Creating/Updating the Authorization Boundary, Architectural Diagram, and Information Flow Diagram (NQV will leverage this information when completing the SAP)
- Completing the Hardware and Software List (NQV will leverage this information when completing the SAP)
- Updating Implementation Plan, Security Controls/APs/CCIs and anything WRT the RMF/RMF AO package
- Ensuring the verbiage for the responses addresses the Security Controls/APs/CCIs.
- If referencing documentation, ensure the document, page number, section, etc. is mentioned
- Technical planning and systems engineering to ensure IA compliance and the cyber posture with respect to availability, integrity, authentication, confidentiality, and non-repudiation of critical system information.
- Provide ACAS scanning and STIG compliance checks on various standalone and networked systems.
- Apply software patches and patch sets and upgrade software to network systems, and perform regression testing to ensure upgrades and patches have not corrupted the system.
- Technical and Network Engineering services across systems life cycle.
- Provide decision analysis, evaluation of alternatives and design and test support.
- Technical engineering services, implementing disciplined and rigorous System Engineering and Network Engineering processes.
- Day-to-day cybersecurity operations and maintenance of information technology (IT) resources including network support, server support, and policy development and enforcement.
- Conduct DoD mandated cybersecurity scans and compliance checks on various networks/systems.
- Defense Information System Agency (DISA) Assured Compliance Assessment Solution (ACAS) scans.
- DISA Security Technical Implementation Guide (STIG) compliance checks.
- Conduct Security Content Automation Protocol (SCAP) scans for automated STIG checks as required for validation of compliance for Navy Authorizing Official (NAO).
- Perform software updates to systems.
- Apply software patches and patch sets during maintenance windows.
- Includes operating system (OS) patches released from DISA and available on DISA's patch repository website.
- Upgrade software.
- Conduct regression testing to ensure upgrades/patches have not corrupted the system.
- Provide analytical and technical security recommendations to other team members.
- Report any breaches of cybersecurity policies to the Information System Security Manager (ISSM) and director of the facility (i.e. unauthorized devices).
- Track security baselines and attend configuration control board (CCB) meetings dealing with infrastructure/network upgrades, including major and minor hardware/software that will potentially affect the baseline that is approved.
- Develop documentation to support ongoing system security operations, maintenance and specific problem resolution.
- Develop and update Plan of Actions and Milestones (POA&M) based on the ACAS, SCAP and STIG artifacts for continuous monitoring assessments.
- 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD
- Minimum certification as 541 (or similar as required by the Technical Instruction) at the Intermediate level per DoDD 8140.01, or successor.
- All persons performing as Privileged Users are required to have and maintain a final adjudicated Tier 5 security investigation with an IT level-1 designation in Joint Personnel Adjudication System (JPAS) and/or Defense Information System for Security (DISS).
- Required Experience:
- Shall have a minimum of five (5) years of cybersecurity experience in performing system hardening.
- Shall have demonstrated experience with performing STIG implementation.
- Shall have demonstrated experience performing vulnerability assessments with the Assured Compliance Assessment Solution tool.
- Shall have demonstrated experience remediating vulnerability findings to include implementing vendor patches on both Linux and Windows Operating systems.
- Must have an active TS/SCI
- Travel up to 25%
- Work is onsite in Dam Neck (Virginia Beach, VA).