Cyber Security Engineer II

• Supporting the information system owner to complete security assessments achieve system authorizations continuous monitoring and configuration management through eMASS
• Performing cybersecurity testing analysis and reporting by conducting the following: Assured Compliance Assessment Solution (ACAS) scans Security Technical Implementation Guide (STIG) checks port scanning application code review Risk Management Framework (RMF) control review and Plan of Action and Milestone (POAM)
• Providing in depth analysis on cybersecurity test results remediation steps and potential mitigating factor(s)
• Assessing NSWC systems in accordance with Navy NIST DoD and DISA guidance
• Reporting security incidents in accordance with the Commands Incident Response Plan
• Verifying configuration management and tracking security update implementation to the systems using existing automated tools
• Adhering to pre-defined configuration management and change management policies and procedures for authorizing software prior to its implementation on systems
  Ensuring systems are operated used maintained and disposed of in accordance with all applicable security policies and practices
• Supporting the Information System Security Manager (ISSM) and Cybersecurity Lead in meeting all RMF documentation process policy risk assessment testing and continuous monitoring requirements per the NIST SP-800 series
• Verifying patches and virus definitions are updated on the system using existing automated tools
• Providing RMF support for all future and/or new Assessment and Authorization (A-A)
  Collaborating with the IPT Lead PM Developers Engineers and Test teams through guidance and options on how to meet all technical and policy security-control
• Maintaining security reporting compliance requirements outlined in the System SLCM Strategy

FILLING THIS POSITION IS CONTINGENT UPON FUNDING

#LI-AM1

• Must possess an active Secret clearance at the minimum
• A minimum of five years of cybersecurity experience
• Must currently hold a DoD 8570-compliant IAT II certification (SSCP or Security CE with appropriate CE/OS certificate) and IAM II certification (CAP or CASP CE) or be able to obtain within six months
  • CE/OS certificate may include Windows or Linux
• Be knowledgeable and experienced with Windows & Linux operating systems
• Be knowledgeable and experienced with RMF steps activities tools and resources
• Shall contribute and be familiar with guidance on current and dynamic computer security requirements best practices and information system/network hardening techniques and consult and contribute on policy procedure and guideline development
• Have knowledge of National Institute of Science and Technology (NIST) standards and Defense Information Systems Agency (DISA) STIGs standards guidelines and requirements as related to Cybersecurity and Risk Management
• Have knowledge of common and DOD specific network/communication protocols processes and architectures
• Have experience in administering and hardening Microsoft Windows and other operating systems in accordance with DISA and NIST requirements
• Supporting the Information System Security Manager (ISSM) and Cybersecurity Lead in meeting all RMF documentation process policy risk assessment testing and continuous monitoring requirements per the NIST SP-800 series
• Have professional communication skills and the ability to express thoughts and ideas clearly and concisely
• Must be a team player dedicated to program support capable of multitasking and working several complex and diverse tasks with simultaneous or near-simultaneous deadlines
• Be a self-starter who is accountable and requires minimal direction and supervision
• Be open to new and innovative ideas
  

• 8 years of cybersecurity experience
• Indepth knowledge of DoD cyberpolicy frameworks (RMF NIST80053 CNSSI1253)
• Experience with Risk Management Framework (RMF) processes
• Experience authoring and editing RMF Control Family Plans
• Experience with Evaluate STIG and/or STIG Manager
• Experience with eMASS SSPs POAMs ACAS/Nessus SCAP Security Checklists and STIG Viewer

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE SECRET LEVEL

• Up to 15% of travel

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.

SRC offers a generous benefit package including medical dental and vision plans 401(k) with a company match life insurance vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually 11 paid holidays tuition reimbursement and a work environment that encourages excellence and more. For positions requiring a security clearance selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Scientific Research Corporation is an equal opportunity employer that does not discriminate in employment.

All qualified applicants will receive consideration for employment without regard to their race color religion sex age sexual orientation gender identity national origin disability protected veteran status or any other protected characteristic under federal state or local law.

Scientific Research Corporation endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process please contact for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.