Senior Cyber Engineer - Military veterans preferred

Description

SAIC is seeking an Informance Assurance Engineer to support the NAVAIR Aviation Logistics Environment LOG-IT project. This project is focused on providing state of the art systems and support the fleet effectively and efficiently. This position includes cyber technical analysis, continuous monitoring and analysis, and technical evaluations in support of current and future proposed applications, systems, and solutions across within PEO (CS) LOG-IT. Work includes conducting detailed technical analysis, technical reviews, developing technical artifacts supporting application and system security categorization; implementing security controls and required mitigation and remediation artifacts; conducting application and system authorization technical requirements according to Navy Risk Management Framework (RMF) policy; and continuously assessing and monitoring application, system, and solution authorization status through the use of both automated and manual technical assessments. 

Work will be performed on site in Patuxent River, MD.

This opportunity is contingent upon contract award, anticipated in Summer 2022.

 

Primary Responsibilities

• Conduct Assessment and Authorization (A&A) activities for several high level programs per the DOD RMF (Risk Management Framework) 6-step process (categorizing to continuous monitoring) for system accreditations
• Perform manual STIG/SRG checklists, Nessus Assured Compliance Assessment Solution (ACAS) and SCAP Compliance Checker (SCC) assessments to secure software and hardware in order to secure the system and reduce or eliminate security vulnerabilities
• Provide support as an ISSE on the CAMEO application
• Support the administration of the HBSS deployment in a lab and production environment
• Implement the Department of Defense (DoD) Risk Management Framework (RMF) in accordance with DoDI 8510.01 for the analysis, design, development, implementation and security assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, CNSSI 1253, and DoD RMF Knowledge Service guidance
• Expert knowledge of operating systems (Linux, Windows), network protocols and technologies, web services, databases, scripting and firewalls
• Provide in depth software architecture, systems engineering, verification and validation
• Establish major aspects of the system development life cycle (SDLC) requirements, design, implementation, and test
• Review proposed new systems, networks and software designs for potential security risks, recommending mitigations or countermeasures, and resolving integration issues
• Provide experience and expertise with security engineering and analysis, architecture and design 
• Selecting, documenting, and assessing NIST security controls on newly developed systems
• Communicate with the ability to interact well in group meeting/working environments
• Support enterprise compliance and risk management and endures compliance
• Strong communication skills with multiple DoD agencies
• Experience writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.

 

Qualifications

Required:

• Must be a US Citizen
• Top Secret Clearance
• Must be able to pass a background investigation with a favorable adjudication
• DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III
• Minimum of 7-10 years of cybersecurity experience
• Bachelor's degree or equivalent in experience 
• Must be able to work customer site in PAX River, MD

Desired Experience & Skills:

• CISSP or equivalent
• GIAC Penetration Tester (GPEN)
• Minimum of 7 years of experience, preferably with a Bachelor’s Degree in Cybersecurity or Computer Science
• Risk Management Framework (RMF) and Assessment and Authorization (A&A)
• NIST Special Publications
• Navy Qualified Validator (NQV)
• DoD Information Assurance Certification and Accreditation Program (DIACAP)
• Automated vulnerability scanning tools
  • Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter
  • DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
  • Vulnerator
• Enterprise Mission Assurance Support Service (eMASS)
• Administration and/or development with:
  • Microsoft Windows Operating Systems
  • Red Hat Enterprise Linux (RHEL)
  • Java
  • Apache Tomcat
  • PostgreSQL
  • Virtualization
  • Cloud-based technologies
• Creation of network architecture and data-flow diagrams
• Familiarity with Navy Research, Development, Test, and Evaluation (RDT&E) Environments
• Experience at a joint program office or enterprise level

 

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.