Cybersecurity Engineer - Military veterans preferred

Description

Cybersecurity Engineer

Summary

Space and Naval Warfare Systems Center Pacific (SSC Pacific) provides the U.S. Navy and military with essential capabilities in the areas of command and control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR), cyber, and space.

SSC Pacific’s Automated Maintenance Environment and Engineering Services Division provides research, development, systems engineering, integration, and life cycle support of fielded systems to Naval Air Systems Command (NAVAIR) PMA-275.

This position supports the cybersecurity efforts of SSC Pacific and NAVAIR PMA-275 in the development and sustainment of the Comprehensive Automated Maintenance Environment Optimized (CAMEO) system and the Readiness Integration Center (RIC). 

 

Primary Responsibilities

·       Conduct Assessment and Authorization (A&A) activities for several high level programs per the DOD RMF (Risk Management Framework) 6-step process (categorizing to continuous monitoring) for system accreditations

·       Perform manual STIG/SRG checklists, Nessus Assured Compliance Assessment Solution (ACAS) and SCAP Compliance Checker (SCC) assessments to secure software and hardware in order to secure the system and reduce or eliminate security vulnerabilities

·       Provide support as an ISSE on the CAMEO application

·       Support the administration of the HBSS deployment in a lab and production environment

·       Implement the Department of Defense (DoD) Risk Management Framework (RMF) in accordance with DoDI 8510.01 for the analysis, design, development, implementation and security assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, CNSSI 1253, and DoD RMF Knowledge Service guidance

·       Expert knowledge of operating systems (Linux, Windows), network protocols and technologies, web services, databases, scripting and firewalls

·       Provide in depth software architecture, systems engineering, verification and validation

·       Establish major aspects of the system development life cycle (SDLC) requirements, design, implementation, and test

·       Review proposed new systems, networks and software designs for potential security risks, recommending mitigations or countermeasures, and resolving integration issues

·       Provide experience and expertise with security engineering and analysis, architecture and design 

·       Selecting, documenting, and assessing NIST security controls on newly developed systems

·       Communicate with the ability to interact well in group meeting/working environments

·       Support enterprise compliance and risk management and endures compliance

·       Strong communication skills with multiple DoD agencies

·       Experience writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.

Qualifications

Key Requirements

·       Must be able to pass a background investigation with a favorable adjudication

·       DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III

·       Bachelors degree or 4 years additional experience in lieu of degree

·       Minimum of 7-10 years of cybersecurity experience

 

Desired Experience & Skills

·       CISSP or equivalent

·       GIAC Penetration Tester (GPEN)

·       Minimum of 7 years of experience, preferably with a Bachelor’s Degree in Cybersecurity or Computer Science

·       Risk Management Framework (RMF) and Assessment and Authorization (A&A)

·       NIST Special Publications

·       Navy Qualified Validator (NQV)

·       DoD Information Assurance Certification and Accreditation Program (DIACAP)

·       Automated vulnerability scanning tools

o   Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter

o   DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)

o   Vulnerator

·       Enterprise Mission Assurance Support Service (eMASS)

·       Administration and/or development with:

o   Microsoft Windows Operating Systems

o   Red Hat Enterprise Linux (RHEL)

o   Java

o   Apache Tomcat

o   PostgreSQL

o   Virtualization

o   Cloud-based technologies

·       Creation of network architecture and data-flow diagrams

·       Familiarity with Navy Research, Development, Test, and Evaluation (RDT&E) Environments

·       Experience at a joint program office or enterprise level

Travel Required

·       Minimal

·       Travel is dependent upon the needs of the customer and availability of funding

Security Clearance

·       Secret