|Published||June 2, 2022|
Excentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations. We have an opportunity for a Senior Cybersecurity Engineer (Cloud-FedRAMP) supporting one of our Federal customers in the Washington DC Metro Area and remote locations MINIMUM CLEARANCE LEVEL: Secret Eligibility CITIZENSHIP: US Citizenship LOCATION: Washington DC Metro Area and Remote locations Job Description: The Cybersecurity Engineer determines enterprise information assurance and security standards. Develops and implements information assurance/security standards and procedures. Coordinates, develops, and evaluates security programs for an organization. They will provide recommendations for information assurance/security solutions to support the customers' requirements. Identifies, reports, and resolves security violations. Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. The position will be supporting the customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems, requiring specialized security features and procedures. May direct or perform analysis, design, and development of security features for system architectures. Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers. Designs, develops, engineers, and implements solutions that meet security requirements Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems. May direct or Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Review and ensure compliance with Department of Defense (DoD) policy and requirements. Designs, develops, and implements solutions to meet security requirements. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security. Participates in all phases of the systems lifecycle including preliminary and final design, systems development, integration, and testing. Responsibilities: * Develop/maintain processes that implement the DoD Security program. * Regularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities, * Assist in development of Plan of Action and Milestones (POA&M) and compliance. * Assist with POA&M management, mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems. * Support Validation of IT security architecture for compliance. * Assist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program * Conduct Incident Response and forensic analysis when necessary * Assist in management of the assessment/authorization program for on-prem and cloud systems * Ensure compliance with RMF policies and procedures * Maintains the electronic registration of systems in eMASS, DITPR, or other Portfolio as directed * Coordinates with stakeholders to communicate status and action items for systems in process * Develop relevant documentation for supported systems * Updates documentation as system information changes * Coordinates Annual Reviews * Supports/Performs assessment of NIST 800-53 controls * Support/Perform FedRAMP assessments * Coordinate with Threat Management Branch for Technical Assessment * Perform Vulnerability scanning and remediation of findings as required by CISM * Research security standards/tools; review or conduct system security and vulnerability assessments of cloud and on-prem environments in a fast-paced, demanding environment * Support development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks * Ensure platform and networks are compliant with DoD policies * Provide oversight to the cybersecurity team * Meet requirements to be a member of the FedRAMP team Required Education: * BS/BA preferred in Computer Science or 5 additional years of professional experience * Certified Information Systems Security Professional (CISSP) Required * Hold at least one of the following active credentials: * CompTIA Advanced Security Practitioner (CASP+ CE) * GIAC Certified Enterprise Defender (GCED) * GIAC Certified Incident Handler (GCIH) * GIAC Security Leadership (GSLC) * Certified Information Systems Auditor (CISA) * Certified Information Security Manager (CISM) * Certified Cloud Security Professional (CCSP) * CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP) * CISSP-Information Systems Security Engineering Professional (CISSP-ISSEP) * CISSP-Information Systems Security Management Professional (CISSP-ISSMP) * CyberSec First Responder (CFR) * Certified Chief Information Security Officer (CCISO) * Registered with the FedRAMP PMO as a qualified penetration tester (Desired) Required Skills: * Minimum 6 years' experience with cybersecurity engineering * Minimum 2 years' experience with Penetration Testing * Experience developing or supporting AWS and Azure systems * Deep knowledge and experience with FedRAMP or Impact Level assessments * Experience assessing the security of cloud * Advanced problem-solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients * Advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interaction * Understanding DOD STIGs and ability to provide direction based on STIGs * In-depth experience with Risk Management Framework (RMF) * Experience/understanding of various control frameworks including NIST 800-171, CMMC, FedRAMP * Must be Capable of independent management of projects * Able to work in team environments and independently * Ability to write procedures and other informative correspondence * Ability to read, analyze and interpret security regulations * Good analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues We take pride in building a workforce with a strong Veterans focus Excentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off. Excentium, Inc. is an equal opportunity employer.