Security Engineer, Senior

at  Chenega MIOS

RESTON, VA

At Cyberstar, we aim to analyze and boost human and business performance through the implementation of business process redesign and information technology (IT) modernization to include data analytics and cloud computing.
We offer an alternate solution to improving the quality and effectiveness of business operations. In an ever-changing economy, Cyberstar helps companies better read and understand their market data through the synchronization of process innovation, human dynamics, analysis, and the integration of data technology capabilities, to ensure functional optimization in their business.
Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!
The Senior Security Engineer shall have relevant IT or consulting experience with a preferred focus on IT security policies, architectures, and/or standard operating procedures, or experience in an information security or information assurance role and direct experience with information security and delivering RMF and security assessment activities following NIST SP 800-37 (as amended).

QUALIFICATIONS

• Bachelor’s degree and 4+ years relevant experience OR
• Master’s degree and 3+ years relevant experience OR
• High school diploma or GED equivalent and 6+ years relevant experience.
• Industry-recognized technical certification accepted instead of 2+ years of experience.
• Background check required.

KNOWLEDGE, SKILLS, AND ABILITIES:

• Complete knowledge and working experience in the technical security assessment of IT systems, network infrastructures, and industrial control systems. Thorough knowledge of standard methodologies used in the A&A process.
• Must have detailed experience in NIST A&A/RMF guidelines and industry best practices for Risk Assessment and Management, Vulnerability Analysis, Contingency Planning/Disaster Recovery, Configuration Management, Security Assessments, and developing Mitigation Plans. Must have experience conducting technical security assessments of complex information systems with minimal to no supervision.

• Conduct security assessments of Federal information systems following NIST SP 800-37 and 800-53 (as amended) guidance.
• Develop security authorization packages for newly developed systems.
• Coordinate all aspects of the effort with identified points of contact, working with a high degree of independence.
• Collaborate with information system owners, security officers, developers, and IT operations personnel to conduct system security categorizations following NIST SP 800-60 and FIPS 199 requirements (as amended).
• Document security control selections and apply control tailoring guidance following NIST SP 800-53 and NIST SP 800-18 (as amended).
• Develop initial system security plans and contingency plans aligned with organizational policies and NIST SP 800-18, NIST SP 800-34 (as amended), and security best practices.
• Provide recommendations to organizational stakeholders for preliminary POA&M remediation and application of security engineering principles (NIST SP 800-27 Rev. A).
• Develop security assessment plans, carry out security assessments of all selected management, operational, and technical security controls, and document the results of the assessment and a concurrent risk assessment in a Security Assessment Report (SAR).
• Develop POA&M Reports including all identified weaknesses, recommended actions for remediation or mitigation, and provide weakness criticality ratings based on the risk assessment results. Provide multi-discipline security administrative and technical security support to the organizational Continuous Monitoring Program. Areas of responsibility include Physical, Computer, Personnel, Information, Administrative, Operational, and Communications Security analysis, assessment, and reporting.
• Continuous monitoring program support and strategic security control implementation and assessment.
• Other duties as assigned.