Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.
We have an opportunity for a Senior Cybersecurity Specialist (Cloud-FedRAMP) supporting one of our Federal customers in the Reston, VA Area and remote locations
MINIMUM CLEARANCE LEVEL: Secret Eligibility
CITIZENSHIP: US Citizenship
LOCATION: Reston, VA area and Remote locations
The Cybersecurity Engineer determines enterprise information assurance and security standards. Develops and implements information assurance/security standards and procedures. Coordinates, develops, and evaluates security programs for an organization. They will provide recommendations for information assurance/security solutions to support the customers' requirements. Identifies, reports, and resolves security violations. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. The position will be supporting the customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems, requiring specialized security features and procedures. May direct or perform analysis, design, and development of security features for DHA or VA system architectures. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers. Designs, develops, engineers, and implements solutions that meet security requirements Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. May direct or Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Review and ensure compliance with Department of Defense (DoD) policy and requirements. Designs, develops, and implements solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security. Participates in all phases of the systems lifecycle including preliminary and final design, systems development, integration, and testing.
Responsibilities:
Develop/maintain processes that implement the DoD Security program.
Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,
Assist in development of Plan of Action and Milestones (POA&M) and compliance.
Assist with POA&M management, mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.
Support Validation of IT security architecture for compliance.
Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program
Conduct Incident Response and forensic analysis when necessary
Assist in management of the assessment/authorization program for On-prem and cloud systems
Ensure compliance with DHA RMF policies and procedures
Maintains the electronic registration of systems in eMASS, DITPR, or other Portfolio as directed
Coordinates with stakeholders to communicate status and action items for systems in process
Develop relevant documentation for supported systems
Updates documentation as system information changes
Coordinates Annual Reviews
Supports/Performs assessment of NIST 800-53 controls
Support/Perform FedRAMP assessments
Coordinate with Threat Management Branch for Technical Assessment
Perform Vulnerability scanning and remediation of findings as required by CISM
Research security standards/tools; review or conduct system security and vulnerability assessments of cloud and on-prem environments in a fast-paced, demanding environment
Support development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks
Ensure platform and networks are compliant with DoD policies
Provide oversight to the cybersecurity team
Meet requirements to be a member of the FedRAMP team
Required Education:
BS/BA preferred in Computer Science or 5 additional years of professional experience
Minimum of DoD 8570.01-M IAT Level III Certification
Hold at least one of the following active credentials:
Cisco Certified Network Professional CCNP / Security
CompTIA Advanced Security Practitioner (CASP)
Certified Information Systems Security Professional (CISSP)
Certified Secure Software Lifecycle Professional (CSSLP)
CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP)
SANS GIAC Penetration Tester (GPEN)
Open Web Application Security Project Penetration Tester (OWASP)
Registered with the FedRAMP PMO as a qualified penetration tester
Required Skills:
Minimum 8 years' experience with cybersecurity engineering
3 years' experience with cloud engineering
Experience developing or supporting AWS and Azure systems
Deep knowledge and experience with FedRAMP or Impact Level assessments
Experience assessing the security of cloud
Advanced problem-solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients
Advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interaction
Understanding DOD STIGs and ability to provide direction based on STIGs
In-depth experience with Risk Management Framework (RMF)
Experience/understanding of various control frameworks including NIST 800-171, CMMC, FedRAMP
Must be Capable of independent management of projects
Able to work in team environments and independently
Ability to write procedures and other informative correspondence
Ability to read, analyze and interpret security regulations
Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues
We take pride in building a workforce with a strong Veterans focus
Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.