Senior Cyber Security Engineer - Military veterans preferred



  full-time   employee

United States


Position Summary

SAIC is seeking a Cyber Security Engineer to join our MSI team supporting the Commonwealth of Virginia (COV). The ideal location for this role will be in Richmond, Clintwood, or Cookeville. There is an opportunity to work from home a couple of days a week as well. They will be interacting with COV technology suppliers and COV government entities about their cybersecurity needs, and providing a wide range of Enterprise Security Architecture and Engineering services, including conducting risk and vulnerability assessments at the network, system and application level, conducting threat modeling exercises, developing security controls and formulating operational risk mitigations. Applies extensive technical expertise and has full knowledge of other related disciplines. Receives assignments in the form of objectives and establishes goals to meet objectives.  Mentor and provide guidance to junior staff to achieve goals in accordance with established policies.  Work is reviewed and measured based on meeting objectives and schedules. This will require a combination of the following Knowledge, Skills, and Abilities:



·       NIST 800-series, and other Cyber-related laws, standards and                       guidance

·       Cloud technologies, capabilities, security standards, and                               deployment models

·       Architecture patterns commonly used to safely connect Internet                   and B2B devices and users

·       Identity Management / Rights Management tools and                                   implementation models

·       PKI and other common cryptographic best practices

·       Continuous Monitoring best practices and limitations



Strong verbal, analytical, and written communication abilities:

·       Verbal abilities should be confident but non-confrontational, articulate but not wordy, equally comfortable leading and following, and as eager to listen as to contribute. Frequently will lead briefings and technical meetings.

·       Analytical abilities should avoid black-and-white thinking, and instead embrace diversities of opinions and viewpoints for their ability to inform complex solutions to complex real-world problems. This includes the ability to analyze state-wide policies and procedures, and interpret into program best practices.

·       Written abilities should produce grammatically correct, concise, informative, and visually appealing written products.

·       Adaptability to both technical and non-technical audiences and a strong customer-service focus will be critical since this is a role that will have frequent contact with our COV customer.  Will be involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy.



·       Cybersecurity tools and related capabilities: Applies a combination of expert engineering knowledge of enterprise IT and security solution architectures to design, develop and implement solutions in a manner consistent with enterprise architecture security policies to support full spectrum cyberspace operations. Hands-on experience with installing, configuring, troubleshooting, and designing solutions with a wide selection of Cyber industry tools, especially any of the following: RSA Archer, CyberArk, SailPoint, Nessus, Splunk, Active Directory, LDAP, Okta, Firewalls (Cisco, PaloAlto, Sidewinder), SQL Server, IPsec VPNs, MPLS, SAML, Encase, CMDB, cURL, PuTTY, Java, JavaScript, JBOSS, JDBC, ServiceNow, Okta, eGRC tools, PKI concepts / PIV provisioning, static code analyzers, endpoint protection capabilities, VMware/VSphere, System Admin tools, virtualization failover techniques, Cloud/FedRAMP security practices & service deployment models, SSAE16 audits, and related protection capabilities and tools. 

·       Requirements Capture:  The ability to listen to Customers and capture their business capability needs. The ability to then translate Customer business capability needs into technical requirements. 

·       Design:  The ability to craft and design solutions, and produce both technical specifications and limitations to inform business decision-making.

·       Project Management:  The ability to structure and execute a project in accordance with PMBOK® (Project Management Body of Knowledge) best practices. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of system's audits and monitors corrective actions until all actions are closed.  Support cyber metrics development, maintenance and reporting.

·       Analysis:  The ability to perform systems analysis functions.  The ability to measure, via analysis, how systems and security postures change over time, and to apply that knowledge to solutions engineering activities.

·       Communications and Presentation Skills:  The ability to simplify technical complexities and present solutions in terms that resonate with decision-makers and Customers seeking business capabilities. Interacts with senior external personnel on significant technical matters often requiring coordination between organizations.


Required Education and Experience

  Must have a Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; or PhD and zero (0) years or more experience.  Engineering, science, and mathematics disciplines are preferred. We will accept and additional 4 years of relevant experience in lieu of a degree. 

•   Must have at least 3 years of direct Cybersecurity experience. 

   Must be a U.S. citizen with the ability to pass a Commonwealth of Virginia background check.   

Preferred Skills: 

 Continual Learning.  Completion of advanced course work, or attainment and maintenance of cybersecurity-related credentials and certifications, is preferred.

 ITIL Certification.  Candidates who have completed ITIL v3 2011 Foundation or above are preferred. 

 Location.  Work will be performed in Richmond, VA, with infrequent work-related travel.