We are hiring a Cyber Security Engineer, supporting our program at US STRATCOM onsite in Bellevue, Nebraska.
What you'll do:
Information Technology Capabilities Contract (ITCC II) Cyber Security Engineering (CSE) team members are responsible for providing direct cybersecurity support for ITCC II engineering efforts and assigned projects to meet the needs of customers and project stakeholders through cyber security analysis of system vulnerabilities and artifacts across multiple technologies and networks. CSE team members also contribute to the development of technical solutions to help in identifying cybersecurity requirements.
The CSE team ensures the implementation and documentation of the Risk Management Framework (RMF) Assessment and Authorization (A&A) activities by ensuring cybersecurity policy adherence, directly supporting project technicians and engineers, participating in project meetings and activities, and delivering cradle-to-grave assistance to project teams. Daily tasks include, but are not limited to:
• Use Tenable Nessus Assured Compliance Assessment Solution (ACAS) to perform vulnerability correlation for findings discovered in scans to support RMF A&A and Vulnerability Management requirements
• Maintain working knowledge of applicable Security Technical Implementation Guides (STIGs), cyber defense policies, regulations, and compliance documents related to cyber defense auditing
• Review project requirements to identify potential security vulnerabilities during all phases of development in accordance with DoD, NIST, USCYBERCOM and USSTRATCOM security policies and guidance
• Assist engineers with developing required security documentation such as Interim Authorities to Test (IATTs), System Security Plan (SSP) Change Requests (SCRs), and Plans of Action and Milestones (POA&Ms)
• Assist engineers with research on STIG findings, hardening requirements, and potential mitigations
• Support project managers in the communication and tracking of cybersecurity requirements, along with potential cybersecurity roadblocks, to help the project meet contractual milestones
• Comprehensively review IATTs, SCRs, STIG findings, vendor hardening guides, POA&Ms and various memos for completeness and any possible security concerns
• Communicate technical and security-related information effectively, in both oral and written form, to administrators, engineers, program managers, government personnel, and senior leaders
• Create, route, and monitor workflow packages to ensure A&A documentation meets requirements
• Work directly with system/enclave Information System Security Managers (ISSMs), System Owners, Security Control Assessors (SCAs) and other security teams on security-related issues regarding assigned projects
• Provide security oversight and guidance to engineering teams to ensure systems are properly configured, tested and comply with cyber security best practices
• Research to understand new products and Information Assurance practices
• Leverage working knowledge of the current environment to educate and train, as necessary
• Utilize and navigate Microsoft products such as Word, Excel, Teams, and SharePoint in carrying out daily tasks