Cyber Security Engineer
Location: Chantilly, VA
Must Be Able to Obtain a Public Trust
* This position requires a minimum of 25% travel.
* Executing reviews of RMF Security Controls to ensure FISMA and NIST compliance.
* Support leadership to identify capability gaps in vulnerability management services by analyzing Plans of Action and Milestones (POA&Ms) associated with the facility or system.
* Conduct analysis and aggregation of Security Control and POA&M evidence from various sources.
* Maintain knowledge of current RMF security trends and be able to clearly communicate them to the client.
* Analyze vulnerability assessment data to identify technical risks to the organization.
* Support the identification and impact classification for new vulnerabilities identified in the client's environment.
* Assist client in identification and reduction of findings at a site and enterprise level.
* Assess the Cybersecurity risk of IT systems documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process.
* Organize, develop, and present briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements.
* Applies knowledge of security principles, policy and regulations to daily tasking.
* Has experience with Cyber Security document management and is familiar with security and privacy rules.
* Researches policies, procedures, standards, and guidance, and recommends needed changes under specific conditions for the protection of information and information systems.
* Bachelor’s Degree in a security, computer science, or another related field.
* Three or more years of experience in the security field using RMF required.
* Eight years of relevant experience may be substituted for the educational requirement.
* Must be willing to travel up to 25% of the time.
* Experience with Cyber Security Policy.
* Must be well versed in Cyber Security Tools, network topologies, intrusion detection, PKI, and
* Must have familiarity and experience in the implementation of cyber security regulations.
* Experience with or exposure to NIST-800 requirements.
* Experience with or exposure to VA 6500 requirements is a plus.
* Must be a team player.
* Must be willing to take on other tasks as assigned.
* Proven experience executing assessment activities using RMF.
* Experience related to Application security, code security, vulnerability and risk assessments, security policy development and review, general IT and security controls development, compliance readiness (i.e. NIST 800-Series, DIACAP, FISMA, FedRAMP, FIPS) and technical security architecture/design/development/implementation.
* Experience performing vulnerability assessments and information security control audits.
* Familiarity with enforcing security policies and recommending revisions to policies to ensure proper IT security.
* Good understanding of security awareness training for users and IT personnel, and of Business Continuity plans and processes.
* Very good written and verbal communication skills.
* Experience with network and application security testing tools and scripting languages.
* CISSP, CISA, GIAC, or Security+ certification a strong plus.