DOW Cyber Security Engineer

Alexandria, VA - USA

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

cFocus Software seeks a Cyber Security Engineer to join our program supporting the Department of Defense (DoD). This position is remote. This position requires the ability a Public Trust clearance.
Qualifications:

Bachelors degree in Cybersecurity Information Assurance Information Technology or a related field.
Minimum of 7 years of experience supporting cybersecurity for enterprise IT systems.
Demonstrated experience with DoD RMF processes and ATO maintenance.
Strong knowledge of NIST SP 800-53 NIST SP 800-171 and DoD cybersecurity requirements.
Experience supporting vulnerability management STIG compliance and continuous monitoring.
Familiarity with Agile and DevSecOps development environments.
Strong analytical documentation and communication skills.
Ability to obtain and maintain a Tier 3 (or higher) background investigation

Duties:

Support and maintain the DSAID Authority to Operate (ATO) through RMF lifecycle activities.
Implement assess and document NIST SP 800-53 and NIST SP 800-171 security controls.
Develop and maintain System Security Plans (SSP) Security Assessment Reports (SAR) and Plans of Action and Milestones (POA&M).
Conduct vulnerability scanning security control assessments and continuous monitoring activities.
Support remediation of vulnerabilities identified through ACAS STIGs and security scans.
Ensure compliance with DoD cybersecurity policies Privacy Act requirements and data protection standards.
Coordinate with system owners developers DBAs and operations staff to integrate security into system design and changes.
Support security impact analyses for system enhancements configuration changes and vendor updates.
Assist with incident response cybersecurity reporting and audit support.
Support DevSecOps activities by embedding security practices into Agile development workflows.
Ensure compliance with Section 508 requirements where applicable to system interfaces.
Participate in technical reviews security working groups and Government meetings.
Support transition-in knowledge transfer and sustainment activities.
Develop and maintain cybersecurity documentation and standard operating procedures

Required Experience:

Senior IC

Bachelors degree in Cybersecurity Information Assurance Information Technology or a related field.
Minimum of 7 years of experience supporting cybersecurity for enterprise IT systems.
Demonstrated experience with DoD RMF processes and ATO maintenance.
Strong knowledge of NIST SP 800-53 NIST SP 800-171 and DoD cybersecurity requirements.
Experience supporting vulnerability management STIG compliance and continuous monitoring.
Familiarity with Agile and DevSecOps development environments.
Strong analytical documentation and communication skills.
Ability to obtain and maintain a Tier 3 (or higher) background investigation

Duties:

Support and maintain the DSAID Authority to Operate (ATO) through RMF lifecycle activities.
Implement assess and document NIST SP 800-53 and NIST SP 800-171 security controls.
Develop and maintain System Security Plans (SSP) Security Assessment Reports (SAR) and Plans of Action and Milestones (POA&M).
Conduct vulnerability scanning security control assessments and continuous monitoring activities.
Support remediation of vulnerabilities identified through ACAS STIGs and security scans.
Ensure compliance with DoD cybersecurity policies Privacy Act requirements and data protection standards.
Coordinate with system owners developers DBAs and operations staff to integrate security into system design and changes.
Support security impact analyses for system enhancements configuration changes and vendor updates.
Assist with incident response cybersecurity reporting and audit support.
Support DevSecOps activities by embedding security practices into Agile development workflows.
Ensure compliance with Section 508 requirements where applicable to system interfaces.
Participate in technical reviews security working groups and Government meetings.
Support transition-in knowledge transfer and sustainment activities.
Develop and maintain cybersecurity documentation and standard operating procedures