Cybersecurity Engineer

Job Type Full-time Description

Serve as a cyber subject matter expert and advisor to the ECMA. Provide cyber system architecture and engineering expertise, technical advice, develop and review cyber security policy and threat models and support expanding CSSP offerings and C5ISR efforts. Support the Risk Management Framework Cloud (RMFc) process, assist in developing RMFc documentation for customers and application owners across all Cloud service models and shared services. Review and make recommendations of customer RMFc documentation as required and assist the authorizing official (AO) with the certification of all Army cloud instantiations. Provide support to streamline inheritable controls from the Cloud Service provider down to Application owners. Provide recommendation process and procedures to further automate validation checks of STIGs, vulnerability detection, and static code analysis.

Support business continuity activities to include continuity planning, conducting business impact assessments, creating systems and processes of prevention and recovery to deal with potential threats to the Army. In addition to prevention, will enable on-going operations before and during service interruptions or actual execution of a disaster recovery operations. Additionally, will assist with creating spillage processes, ultimately enabling Army customers to immediately remediate.

Support data security throughout the lifecycle in cloud environments (Create, Store, Use, Share, Archive and Delete). Provide expertise in selecting relevant technical solutions to ensure data is secure within all cloud service models. In this role, provide expertise in selection and deployment of a Security Information and Event Management (SIEM) system that is user-friendly and relevant to mission-sets across the Army.

• Experience with Incident Response and SOC operations
• Monitoring and analysis of potential threat activity.
• Providing engineering support, operations, and maintenance of security tools.
• Must be able to run vulnerability and patching reports, analyze data, and respond/resolve customer support tickets relating to aforementioned tools.
• In-depth familiarity with Systems Security Categorization, Federal Information Processing Standard (FIPS 199 & 200), Federal Information Security Management Act (FISMA) 2014, Security Assessment Plan (SAP), aggregating risk, remediation of findings, and Ports Protocols Services Management (PPSM)
• In-depth operational and technical knowledge of security concepts including, but not limited to Security, Information, and Event Monitoring (SIEM) tools
• Practical knowledge of security management processes including, but not limited to, risk management, security planning, IT security control implementation, testing, and logical access controls
• Exceptional verbal and written communication skills.
• Practical knowledge of Federal Cybersecurity - FISMA, NIST, OMB
• Proven ability to meet schedule and performance requirements for IT Security projects
• Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to      ensure compliance of NIST 800-53 security controls.
• Assess solutions’ architectural designs for compliance with NIST 800-53 rev 5 and DOD related policies for on premise and cloud-based solutions; prepare assessment documentation.
• Develop security artifacts to support the IA program to include System Security Plans (SSP), Security      Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged      User Guides, Security Test Procedures and other documents as needed.
• Support systems through all steps of RMF and enable Gov Client to achieve and or maintain authorities.
• Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.

#pmf

Requirements

  

• Bachelor’s degree in Engineering or IT related field
• Active IAM III certification
• 7+ years professional experience in a related field
• 3+ years of experience in Army, DoD, or IC at the Headquarters, Department of the Army, or major command level (e.g. ARCYBER, NETCOM, 7th Signal Command, Program Executive Office) or in industry implementing similar solutions
• Active SECRET clearance (or higher) 
• Strong working knowledge of large, complex IT environments
• Experience implementing solutions and services in a similar sized organization
• Expert ability to communicate effectively in both oral and written forms with all levels of staff 
• Ability to effectively present information to, and interact well with, different levels of the organization.
• Strong technical writing expertise.
• Ability to work well in a strong collaborative team-oriented environment.
• Strong working knowledge of large, complex IT environments

QBE is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender, gender-identity and/or expression, age, disability, Veteran status, genetic information, pregnancy (including childbirth, lactation, or other related medical conditions), marital-status, neurodivergence, ethnicity, ancestry, caste, military/uniformed service-member status, or any other characteristic protected by applicable federal, state, local, or international law.