Cybersecurity Engineer

Overview

SMS is seeking an experienced Cybersecurity Risk Assessor to provide independent verification and validation (IV&V) and deliver recommendations to the Defense Threat Reduction Agency (DTRA) Security Control Assessor (SCA).  In this role, the candidate will conduct security control validation and assessment based on NIST SP 800-53, CNSSI-1253 and the DoD Risk Management Framework (RMF) process.

As a dynamic systems integrator, SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

Submit your resume today!

Responsibilities

• Act as an independent and impartial assessor to determine and certify aggregate cybersecurity risk for recommendation to the SCA.
• Conduct security control validation and assessment of technical security features of a system or network to address known threats and vulnerabilities. The evaluation must consider and identify impacts as well as consideration of existing risk mitigation strategies.
• Validate and assess security controls in accordance with NIST SP 800-53, CNSSI-1253 and with the DoD Risk Management Framework (RMF) process.
• Conduct required vulnerability analysis to support mitigation and residual risk determination.
• Ensure traceability of all vulnerabilities from raw assessment results to the POA&M.
• Support updates of the RAR and POA&M based on the assessment results.
• Advise the AODR, AO, CISO of all DoD RMF matters related to associated systems based on the evaluation of associated security controls and artifacts.
• Identify, communicate, and deliver concise, coherent narratives on key controls and technical details of nuanced issues.
• Convey findings, recommendations, and ideas on complex IT systems to functional leaders and executives.

Qualifications

Minimum Requirements

• 8+ years of professional experience in a related field
• Experience in helping federal agencies manage risks associated with operating an on-premise and cloud-based information system while using RMF
• Possess in-depth knowledge of all NIST and CNSSI publications related to RMF and security controls for national security systems (NSS) and non-NSS systems.
• Possess working knowledge of DoD Risk Management Framework (RMF), DoD IA guidance and policies, and NIST 800 series standards.
• Possess in-depth knowledge and hands-on experience with eMASS software supporting the RMF process.
• Possess working knowledge of ACAS Security Center to include report generation and evaluation of vulnerability and discovery scans.
• Possess working knowledge of STIG Viewer to validate STIG checklists and SCAP scans.
• Ability to work effectively within a team environment as well as independently.
• Strong verbal and written communication skills.
• Active DoD Top-Secret clearance required
• DOD IAM Level II Required -- CAP, CASP+CE

Preferred Requirements

• Bachelor’s Degree (BS)
• IAM Level III preferred – CISM, CISSP, GSLC, CCISO

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. 

SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.