Cyber Security Engineer

ASRC Federal Analytical Services, Inc is looking for a Cyber Security Engineer who has experience supporting system builds, implementing information security best practices, performing security analysis, software assurance and documentation of unique hardware and custom software in a multi-platform/multi-network environment during a full Risk Management Framework life cycle.

Responsibilities:

• Supports Information Assurance Certification and Accreditation (C&A) and associated IA processes, procedures, and activities.
• Provides capability and expertise to understand and properly implement DOD/MDA directives, instructions, and guidelines across hardware and software platforms.
• Works with the MDA cybersecurity management and case managers to ensure all cybersecurity actions for the MDDC Program are handled/resolved in a timely fashion with respect to MDA Designated Accrediting Authority and Certification Authority requirements.
• Responsible for the design, development, and implementation of solutions that meet network and system security requirements.
• Maintains existing security products and researches and develops new monitoring and management tools and procedures to comply with MDA and DoD instructions and guidelines.
• Performs vulnerability/risk analyses of computer systems, networks, software development deliverables, and applications.
• Establishes and satisfies complex system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands.
• Will perform tasks dealing with system builds, documentation review, system security hardening, and vulnerability management/reporting.
• Support the development of CDRLs, library review and management, sprint release preparation, and threat and risk assessments as a member of software development scrums.
• Will research DoD policy and complete various security tasking.

Minimum Requirements:

• Active Secret Clearance
• US Citizen
• Bachelor's degree in Engineering, Cybersecurity, Information Systems, or related field.
• Certification: CCNP Security, CISA, CISSP (or other IAT-III certifications); Security +
• Experience in cyber/software assurance/DevSecOps security tools.
• Familiarity with DoD security compliance documents as they relate to Linux and Windows environments is desired.

Desirable Qualifications:

• Experience with the DoD Risk Management Framework (RMF) Assess and Authorize process preferred.
• System accreditations/authorizations through the NIST Risk Management Framework (RMF).
• Understanding and validating NIST 800-53 Security Controls.
• Understanding of the software assurance process per the MDA Software Assurance 8500.05 and Cybersecurity 8500.01.
• Use of DoD mandated software including eMASS, ACAS, and McAfee HBSS preferred.
• Demonstrated experience reviewing, implementing, and assessing DISA Security Technical Implementation Guides (STIGs), DISA Security Requirement Guides (SRGs), and NSA Security Configuration Guides preferred.
• Technical troubleshooting skills and working knowledge of the Risk Management Framework for Department of Defense Information Technology.
• Experience in the software assurance/approval process.
• Experience and skills in establishing a Defense Posture for Applications, maintaining compliance with DoD Cyber and IA policies.
• Ability to work independently and within a larger group of engineers and cybersecurity professionals.