Cyber Security Engineer Location: St. Louis, MO; Chantilly, VA; Gaithersburg, MD, Springfield, VA
Clearance: Top Secret/SCI JOB DESCRIPTION:
Invex is seeking a Cyber Security Engineer to support an IC customer Program focused on the Integration, Operations, and Sustainment of various systems both legacy and in development. The Cyber Security Engineer will need to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment, and the ability to coordinate multiple, concurrent tasks in an effective manner. The Cyber Security Engineer works with internal team members to ensure the systems are functional, secure, and scalable, as well as internal leadership and customer PMO and security counterparts as the single POC for all items related to security. The systems and networks documentation and services developed will be used to collect and process data and improve the programs security infrastructure. The Cyber Security Engineer will design and develop cyber security technology along with integration of new architectural features into existing infrastructures while maintaining the integrity and security of enterprise-wide cyber systems and networks. The Cyber Security Engineer shall have security Assessment and Authorization (A&A) expertise, to include but not limited to: ICD 503, Federal Information Security Management Act (FISMA), Xacta, and National Institute of Standards and Technology (NIST). RESPONSIBILITIES:
- Lead multi-disciplined teams in the design and implementation of the cyber security system architecture.
- Produce cyber security architectural artifacts. Provide architectural analysis of cyber security
features and existing system related to future needs and trends.
- Reviews and provides input to system requirements based on cyber security posture.
- Compiles industry best practices and lessons learned into future iterations and new designs.
- Supports the Engineering Review Board by evaluating artifacts for architectural compliance.
- Provides broad based experience in the systems engineering lifecycle and apply the experience to
specific cyber security initiatives relating to architectural design and development.
- Resolves architecture implementation issues during integration and test.
- Advise and assist team members to deploy and configure collection services and tools
- Work with team members to move data to the appropriate data stores
- Meet hands-on RMF responsibilities
- Lead Vulnerability Management and ConMon tasks with Enterprise Security Services CORE QUALIFICATIONS:
Basic Qualifications:
- Proactive self-starter demonstrating a positive, willing attitude and excellent oral and written communication skills.
- Demonstrated ability to adapt to new technologies and learn quickly
- Organizational Skills: Can plan and prioritize work. Follows tasks to their logical conclusion and makes sure that everything has been done to the right standard. Good attention to detail.
- Communications: Ability to communicate clearly and efficiently to team members and clients, verbally and in writing. Able to present ideas in a variety of ways depending upon audience and context.
- DoD.8570/8140 IAM III Certification (CISSP, CISM, CISA, etc.)
- Security Assessment and Authorization (A&A) expertise
- Must possess and maintain a TS/SCI Security Clearance
- Minimum Required - COMPTIA Security+ or comparable IAT/IAM II/III certification
- Requires BS degree and 8-12 years of prior relevant experience OR, Masters with 6-10 years of prior relevant experience; OR 4 years of additional experience in lieu of degree
- Familiar with Amazon Web Services (S3 Buckets, EC2, Reserved Instances, etc.)
- Familiar with System Engineering documentation creation (VDDs, diagrams, etc.)
- Familiar with team collaboration tools (Jira, Confluence, RocketChat)
- Working knowledge with XACTA 360, Tenable Security Center, Nessus, Trelix ePO, ACAS, HBSS and Audit enterprise security services
- Proficient in ACAS Vulnerability and STIG scanning, reporting, management and remediation
- Viewed as an industry expert in the Risk Management Framework (RMF) steps one thru six with the ability to lead Assessment and Authorization (A&A) tasks to successfully achieve Authority to Operate (ATO)
PREFERRED QUALIFICATIONS:
- Experience with cloud-based architectures
- Experience with Engineering Review Boards and Change Management
- Prior experience with ICD 503
- Federal Information Security Management Act (FISMA)
- Xacta
- National Institute of Standards and Technology (NIST)