Cyber Security Analyst Engineer RMF FISMA with Active Clearance
Job Summary:Our client is seeking a CyberSecurity Engineer or Analyst with solid understanding of RMF (Risk Mnagement Framework) and NIST or FISMA and DOD Cyber Security priniciples. This Cyber Security Analyst / Engineer will provide critical support in developing and maintaining the cybersecurity posture of a current Department of Defense (DoD) information system. Candidates will be asked to develop customized technical solutions to unique problems while maintaining the system accreditation throughout the system' s lifecycle. Candidates will apply vulnerability patches and DISA STIG configurations to obtain and maintain a Risk Management Framework (RMF) Authority to Operate (ATO). Candidates may provide cybersecurity engineering support to DoD software application development activities through determining minimum security requirements and performing application software scanning activities.
Essential Job Functions:
- Maintain the security posture of the information system through applying periodic STIG configuration and Vulnerability patch updates
- Define cybersecurity requirements for software applications to meet program requirements and objectives.
- Contribute in performing self-assessments of information systems using manual and automated compliance tools in support of obtaining or maintaining a DoD RMF ATO.
- Propose justification and mitigating countermeasures to reduce or eliminate risk level of an identified vulnerability.
- Perform technical implementation if security functionality to comply with NIST SP 800-53A controls and ensure the protection of computer systems, networks, and information.
- Propose creative technical and procedural solutions to effectively secure information systems without introducing significant operational overhead.
- Validate security components are operating efficiently and are providing the expected insight into the information system
- Experience implementing security functionality that complies with NIST SP 800-53 security controls.
- Hands-on experience configuring and navigating applications on Linux and Windows operating systems
- Hands-on experience with network security tools and networking protocols
- Thorough understanding of enterprise security principles and best practices
- A self-motivated drive for learning new technologies and an interest in professional growth
- A strong understanding of multiple major object-oriented languages (C++, Java, etc.) and multiple scripting languages (BASH, PowerShell, Python, etc.)
- Experience with source-code analysis tools and with software development lifecycle approaches.
- Experience with enterprise management tools and concepts such as DNS, LDAP, NTP, SAN
- Experience with virtualization solutions (VMware, Hyper-V, RedHat Virtualization)
- An active Information Security related certification (Security+, CCNA Security, CEH)
- An active SECRET Security Clearance