Cybersecurity Engineer

at  Scientific Research Corporation

MINIMUM SKILLS & REQUIREMENTS:

• 5+ years combined cybersecurity experience holding one or more of the following roles: ISSE, ISSO, ISSM, Validator (e.g. NQV), and/or Security Control Assessor (SCA)
• Minimum of 5 years of IT-related experience demonstrating competency with (1) attention to detail, (2) customer service, (3) oral communication, and (4) problem solving
• Bachelors Degree (e.g. Cybersecurity, Engineering, Computer Science, or related IT fields) and Active DoD 8570 Level II Certification (e.g. Security+ CE, CCNA Security, etc.)

DESIRED SKILLS & REQUIREMENTS:

• Knowledgeable with demonstrated cybersecurity experience in Risk Management Framework (RMF) including the following DoDI, NIST SP 800 series, CNSSI, and FIPS series
• Physical Security
• Assessment & Authorization (A&A)
• Policy Development
• Knowledgeable with Facility Related Control Systems (FRCS)/Industrial Control System (ICS) Compliance
• Skilled in the use of Enterprise Mission Assurance Support Service (eMASS) and/or XACTA
• Knowledgeable with Supply Chain Cyber Risk Management (SCRM)
• Skilled in compliance reporting with known vulnerabilities from alerts, advisories, errata, and bulletins
• Skilled in network security architecture concepts including topology, protocols, components, and principles with focus on producing deliverables in accordance with PPSM registration requirements and RMF processes
• Skilled in discerning the protection needs of information systems and networks with focus on identifying, tailoring, implementing, and testing RMF security controls, with practical mitigation statements
• Knowledge of current industry methods for evaluating, implementing, and disseminating in IT security assessment, monitoring, detection, and remediation tools and procedures
• Knowledge of cybersecurity principles and DoD requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, zero trust)
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)

ABOUT US

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.
Scientific Research Corporation offers a competitive salary, an extensive benefits package and a work environment that encourages excellence. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Scientific Research Corporation (SRC) is an advanced information technology engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC is searching for a well-rounded Mid-Level Cybersecurity Engineer test, analyze, evaluate, validate, and verify cybersecurity requirements for these systems to support the installation requirements for United States Space Command (USSPACECOM) command and control facilities. Work supporting USSPACECOM will be conducted at the government’s facilities in Colorado Springs, CO.

• Provides status updates on all cybersecurity architect, design, and implementation of managed and repeatable cybersecurity project controls in support of multiple USSPACECOM PMO C4/IT systems, enclaves, SCIF containers, MILCON projects, and cloud infrastructures
• Conducts reviews and provides feedback on vendor cyber submittal documentation to ensure FRCS/ICS compliance, encryption standards, shared/joint platforms, and DoD connectivity and interconnection standards are met
• Develops and implements best practices methodologies for secure installation of C4/IT equipment, assessment & authorization, policy & procedures, and vulnerability remediation
• Communicates and coordinates with various technology and business functional area support groups to specify hardware, software, ports & protocols, and network connectivity for USSPACECOM mission, business/production and test environments
• Analyzes changes affecting the organization’s Authorization to Connect (ATC) risk level and cybersecurity posture and report findings
• Ensures that security design & distribution actions are evaluated, validated, and implemented as required
• Ensures that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)
• Evaluates development efforts to ensure that baseline security safeguards are planned for and appropriately installed
• Identifies alternative information security strategies to address organizational security objectives of cyber taskings
• Identifies IT security program implications of new technologies or technology upgrades
• Assists the command ISSM in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practices
• Reviews & recommends policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Develops, updates, and/or reviews ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
• Assess system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Coordinates with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventorie

Scientific Research Corporation (SRC) is an advanced information technology engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC is searching for a well-rounded Mid-Level Cybersecurity Engineer test, analyze, evaluate, validate, and verify cybersecurity requirements for these systems to support the installation requirements for United States Space Command (USSPACECOM) command and control facilities. Work supporting USSPACECOM will be conducted at the government’s facilities in Colorado Springs, CO.

• Provides status updates on all cybersecurity architect, design, and implementation of managed and repeatable cybersecurity project controls in support of multiple USSPACECOM PMO C4/IT systems, enclaves, SCIF containers, MILCON projects, and cloud infrastructures
• Conducts reviews and provides feedback on vendor cyber submittal documentation to ensure FRCS/ICS compliance, encryption standards, shared/joint platforms, and DoD connectivity and interconnection standards are met
• Develops and implements best practices methodologies for secure installation of C4/IT equipment, assessment & authorization, policy & procedures, and vulnerability remediation
• Communicates and coordinates with various technology and business functional area support groups to specify hardware, software, ports & protocols, and network connectivity for USSPACECOM mission, business/production and test environments
• Analyzes changes affecting the organization’s Authorization to Connect (ATC) risk level and cybersecurity posture and report findings
• Ensures that security design & distribution actions are evaluated, validated, and implemented as required
• Ensures that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)
• Evaluates development efforts to ensure that baseline security safeguards are planned for and appropriately installed
• Identifies alternative information security strategies to address organizational security objectives of cyber taskings
• Identifies IT security program implications of new technologies or technology upgrades
• Assists the command ISSM in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practices
• Reviews & recommends policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Develops, updates, and/or reviews ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
• Assess system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Coordinates with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

Requirements: