Senior Cybersecurity Engineer

Torch Technologies

Thank you for your interest in employment with Torch Technologies. We are a 100% employee-owned Certified Great Place To Work and named Best Places to Work in Huntsville/Madison County headquartered in Huntsville AL. Our team provides superior research development and engineering services to the Federal Government and Department of War. As one of the nations top 100 defense companies the services we provide directly support the men and women who serve our country. Our corporate mission sums up the pride our employee-owners take in the work we do: Lighting the Pathway of Freedom. And as a Certified Evergreen ESOP we have made the commitment to grow and sustain our company for the next 100 years! Come grow with us!

Torch Technologies has an exciting opportunity for aSenior Cybersecurity Engineerfor the Tenants Contract supporting theAir Force Divisionat theAir Force Research Laboratory Munitions Directorates Integration and Operations Division(AFRL/RWOC)at Eglin AFB FL. We are seeking a mission-focused Cybersecurity Engineer to work in tandem with network engineering to secure and defend multiple Science & Technology (S&T) networksadvanced high-bandwidth and configurable network supporting the research and development needs of scientists engineers and collaborative partners.

As a Senior Cybersecurity Engineer your duties include but are not limited to:

• Collaborate with network engineers to architect secure network topologies for current and future connected and isolated environments ensuring security is embedded in the design phase.

• Design and deploy security solutions for S&T environments that support continuous research development and DevSecOps working closely with network engineers to implement and maintain these solutions.

• Advise on security planning for long-term initiatives including SDREN integration and the Weapons Technology Integration Center (WTIC) and other facility projects in conjunction with network planning efforts.

• Develop security innovation roadmaps aligned with mission goals and emerging technologies coordinating with network engineers to ensure alignment with network modernization efforts.

• Coordinate with facilities engineering and network teams to ensure robust infrastructure supports secure research operations focusing on the security aspects of network hardware/power/cooling needs and structured cabling.

• Lead security aspects of containerization virtualization and orchestration of systems to support laboratory computing HPC and edge devices working with network engineers to implement secure configurations.

• Coordinate with facilities engineering and network teams to ensure robust infrastructure supports secure research operations focusing on the security aspects of network hardware/power/cooling needs and structured cabling.

• Lead security aspects of containerization virtualization and orchestration of systems to support laboratory computing HPC and edge devices working with network engineers to implement secure configurations.

• Engineer multiple S&T networks security architecture in compliance with NIST 800-series DoW RMF DISA Security Technical Implementation Guides (STIGs) and cybersecurity best practices collaborating with network engineers to ensure seamless integration. Review engineering architecture and designs to ensure DoW security policies are met.

• Implement DevSecOps pipelines to automate security scans and CI/CD deployments working with network engineers to integrate security into existing pipelines.

• Manage ATO package development and collaborate with ISSMs network engineers and cybersecurity stakeholders to ensure compliance. Review and develop RMF Assessment and Authorization (A&A) documentation e.g. System Security Plans (SSPs) Security Assessment Reports (SARs) and Plans of Action and Milestones (POA&Ms).

• Integrate identity management and single sign-on solutions across enclaves and hybrid environments coordinating with network engineers to implement and maintain these solutions. Analyze and tune HBSS policies for assets during integration test events. Perform verification and troubleshooting across all HBSS modules. Install updates to HBSS software as released and in compliance with STIG requirements. Monitor HBSS software to ensure that the clients/servers are operational and reporting properly; test and provide software fixes as needed. Monitor HBSS for any intrusions or rogues.

• Deploy and maintain security controls for hybrid cloud services and virtualization platforms (e.g. VMware AWS Azure) working with network engineers to ensure secure configurations.

• Design and manage security aspects of storage (SAN EFS EBS) automation (Terraform Packer Ansible) and orchestration (Kubernetes Docker) solutions.

• Enable secure connectivity between scientific equipment cloud resources and virtual desktops collaborating with network engineers to implement and maintain these connections.

• Monitor system and network security performance using SIEM platforms intrusion detection systems and custom dashboards working with network engineers to correlate data and identify security incidents. Monitor Security Information and Event Management (SIEM) and Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) for cloud services.

• Document security architectures procedures and system configurations with tools like Lucidchart Visio and Confluence ensuring documentation is aligned with network documentation. Maintain system documentation including the ATO and other applicable documents.

• Provide knowledge transfer mentorship and technical guidance to engineers and stakeholders on security-related matters working with network engineers to provide comprehensive guidance. Install configure and maintain multiple ACAS Security Centers (SC) and ACAS scanners. Install updates to Tenable software as released and in compliance with STIG requirements.

• Deploy maintain and tune Tenable scanners to meet current and future needs. Create deploy and manage Tenable scan configurations.

• Ensure that the ACAS scanners and Security Center are operational and reporting properly.

• Perform security compliance and vulnerability assessments specifically developing and applying STIG or CIS baselines for various operating systems including Windows or RHEL and CentOS.

• Perform analysis of ACAS and SCAP scans along with STIG checklist to develop POAMs. Run vulnerability scanning tools such as Trend Micro ACAS and other commercial and GOTS.

Required Qualifications:

• U.S. Citizenship is required.

• Masters Degree (in Computer Science Cybersecurity or a related field). Relevant experience may be substituted for the degree.

• 10 Years total experience at least 8 of which is in cybersecurity engineering architecture or R&D infrastructure.

• Requires a strong understanding of cybersecurity principles risk management and secure computing architectures to protect unclassified collateral and Special Access Program (SAP) networking environments critical to weapons technology innovation.

• Must have experience implementing and managing cybersecurity controls conducting vulnerability assessments and ensuring compliance with DoD security policies.

• Must collaborate closely with network engineers to integrate security into network designs support DevSecOps initiatives and maintain a robust security posture across isolated and connected enclavesall while enabling operational excellence and scientific agility.

• Must hold a DoW 8570/8140 IAT Level III (CISSP CISM or equivalent).

• Security CEH or other relevant security certifications is required.

• Expert-level knowledge of cybersecurity principles risk management and secure computing architectures.

• Hands-on experience with security tools and technologies such as SIEM intrusion detection/prevention systems vulnerability scanners and endpoint protection solutions. Experience with Host-Based Security System (HBSS) Assured Compliance Assessment Solution (ACAS) Nessus NNM LCE Nessus Manager Agents and Scanner.

• Experience with scripting (Python PowerShell) and automation tools (Ansible Chef).

• Familiarity with Risk Management Framework (RMF) Authority to Operate (ATO) documentation and enclave compliance management.

• Physically able to lift up to 50 lbs; adaptable to fieldwork and hands-on installations.

• Must have and maintain Secret level Security Clearance and must be Top Secret eligible.

• Must be eligible for Special Access Program (SAP) access.

Schedule:(M-F; 8-5)

Work Location: Onsite at Eglin AFB FL

Travel:No

Relocation Assistance Available: No

Position Contingent Upon Award of Contract: No

#LI-AH1

Benefits:

Torch Technologies is proud to offer a stable and professional work environment a competitive salary and an excellent comprehensive benefit package including: ESOP participation 401(k) match and safe-harbor contribution medical dental vision life insurance short-term disability long-term disability flexible spending accounts Health Saving Accounts and Health Reimbursement Accounts EAP education assistance paid time off and holidays.

Applying to Torch Technologies:

Only those candidates invited for an interview will be contacted. Employment at Torch Technologies is contingent upon the successful completion of a comprehensive background check.

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age genetic information citizenship ancestry marital status protected veteran status disability status or any other status protected by federal state or local law. Torch Technologies Inc. participates in E-Verify.

If you are a qualified individual with a disability or a disabled veteran you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access Careers Link as a result of your disability. You can request reasonable accommodations by sending an email to Thank you for your interest in Torch Technologies.