Cybersecurity Engineer III (InSITE)

Cybersecurity Engineer III (InSITE)- WTRS Orlando Florida

The Cybersecurity Engineer III serves as the senior/lead cybersecurity engineer for the InSITE application within the WTRS program. This role provides technical leadership for cybersecurity activities including program planning static and dynamic application security testing penetration testing monthly vulnerability assessments quarterly STIG reviews and RMF/ATO and continuous monitoring. The Cybersecurity Engineer III is responsible for driving the overall security posture of the InSITE solution across Dev Test and Production environments.

ESSENTIAL DUTIES & RESPONSIBILITIES:

*Lead cybersecurity engineering for the InSITE/WTRS program:
*Serve as primary cyber point of contact for program management engineering leadership and customer stakeholders.
* Provide input to program planning schedules and resource estimates for cybersecurity activities (e.g. static code analysis per sprint web app scans per release monthly and quarterly assessments).
* Represent cybersecurity in TIMs design reviews Agile events and other key meetings.
* Architect and oversee the security assessment strategy:
* Define and maintain the integrated assessment strategy encompassing SAST DAST penetration testing vulnerability assessments and STIG/SRG compliance.
* Ensure alignment of assessment activities with RMF ATO and organizational security requirements.
* Lead static and dynamic application security testing:
* Oversee static code analysis activities and integration into the development lifecycle.
*Guide web application vulnerability scanning and remediation for each release.
*Provide expert-level interpretation of findings risk evaluation and remediation guidance.
*Lead vulnerability management and continuous monitoring:
*Direct monthly vulnerability scanning and analysis across Dev/Test/Prod (20 servers and supporting infrastructure).
*Prioritize vulnerabilities based on mission risk and system impact; coordinate remediation strategies with system owners and developers.
*Establish or refine processes for continuous monitoring security metrics and reporting.
*Lead quarterly STIG/SRG assessments and system hardening:

* Oversee application of DISA STIGs and SRGs across relevant technologies including:
* ASD STIG Cloud Computing Mission Owner Network and OS SRGs.
*Windows Server IIS (Server/Site) .NET Framework Azure SQL.
* Endpoint security tools browsers and host firewalls.
*Ensure STIG checklists are current complete and accurately documented including justifications and risk acceptance where appropriate.
*Drive remediation efforts and risk acceptance decisions in coordination with program leadership and the customer.
* Lead penetration testing and advanced assessments:
*Plan scope and lead penetration tests including development of test plans and rules of engagement.
*Coordinate execution (hands-on or via specialized teams) to discover and exploit application and infrastructure vulnerabilities.
*Produce or review final penetration test reports with clear risk assessment supporting evidence and actionable mitigation plans.
*Own ATO / RMF and continuous monitoring for InSITE:
* Lead development finalization and submission of the Security Authorization Package (SAP) to obtain and maintain ATO.
*Oversee RMF activities including control implementation assessment POA&M management and ongoing risk management.
*Ensure continuous monitoring tasks (scans log reviews configuration compliance reporting) are properly planned executed and documented.
* Mentor and develop junior and mid-level cybersecurity staff:
*Provide technical guidance task direction and quality reviews for Cybersecurity Engineers I and II.
*Promote best practices for secure design secure coding and secure operations across the team Develop and maintain high-quality technical deliverables:

*Produce and review formal reports (vulnerability reports penetration test reports ATO documentation STIG packages).
* Present findings risks and recommendations to internal leadership and customer stakeholders.
*Identify opportunities for process and tool improvements:
* Recommend automation integration with CI/CD pipelines and other improvements to enhance efficiency and coverage of security assessments.
*Perform other duties as assigned.

EDUCATION & EXPERIENCE:

Bachelors degree in Cybersecurity Computer Science Information Systems Engineering or related field; or an equivalent combination of education and experience.
Typically 7 years of progressively responsible experience in cybersecurity system security engineering or closely related fields.
Demonstrated experience leading:
o Security assessments (SAST/DAST vulnerability scans) for complex applications and environments.
o DISA STIG/SRG-based hardening and assessments for servers applications and databases.
o RMF/ATO efforts for government or regulated systems including continuous monitoring.
o Penetration testing efforts either hands-on or through oversight of specialized teams.

KNOWLEDGE SKILLS & ABILITIES.

Expert knowledge of:
o Application security OWASP Top 10 and secure SDLC best practices.

o Vulnerability management processes and tools in multi-environment deployments (Dev/Test/Prod).
o System and network security for Windows Server IIS SQL/Azure SQL and cloud-hosted solutions.
Proven experience with:
o Enterprise vulnerability management tools (e.g. Tenable/Nessus Qualys comparable tools).
o Application security tools (SonarQube Fortify Veracode Burp Suite OWASP ZAP etc.).
o DISA STIGs DoD SRGs and associated implementation in production environments.
Strong understanding of:
o NIST SP 800-53 NIST RMF and ATO/continuous monitoring requirements.
o Cloud security architectures and controls (Azure preferred for InSITE).
Demonstrated leadership skills including:
o Leading cross-functional security initiatives and driving remediation efforts.
o Mentoring and guiding junior and mid-level engineers.
o Effectively interfacing with program managers customers and other stakeholders.
Excellent written and verbal communication skills including:
o Authoring formal technical reports and security documentation.
o Presenting complex security issues and trade-offs to technical and non-technical audiences.
Strong analytical and decision-making skills with the ability to balance mission needs risk and compliance.

CERTIFICATES LICENSES & REGISTRATIONS:

DoD 8570/8140 compliant certification at IAT III or IASAE level (e.g. CISSP CASP CSSLP or similar) strongly preferred; may be required by contract.

Offensive or advanced security certifications (e.g. OSCP OSWE GPEN GCIH) highly desirable.

SECURITY CLEARANCE:

Ability to obtain and maintain a Secret / Top Secret / as required security clearance for the WTRS program.
U.S. Citizenship required.

PHYSICAL DEMANDS:

Prolonged periods of sitting and working at a computer.
Occasional lifting and moving of materials equipment or documents up to approximately 2025 pounds.
Ability to travel to customer or company locations including secure facilities as required (anticipated occasional to moderate travel).

WORK ENVIRONMENT:

Professional office hybrid or customer-site environment depending on program needs.
Fast-paced mission-focused environment with multiple concurrent priorities.
Work may involve secure facilities classified systems and strict adherence to security and access control requirements.

Required Experience:

IC