Cybersecurity Engineer

Role Description

As the cybersecurity engineer, you will be responsible for supporting all aspects of the RMF process from accreditation of the platform to establish a cATO for our Software Factory implementation. You will be expected to champion modern, continuous security implementations within DoD environments and systems (approval processes). Your perpetual goal will be to accelerate the ATO process while simultaneously improving our security posture, thus pushing for cultural change away from security theater and towards responsive and resilient systems. While working within the existing DoD processes, you will also work with other engineers to find the best paths forward and even contribute to capabilities and open source solutions to further streamline ongoing and future efforts.

Responsibilities

• Leading and pathfinding the effort to achieve accreditation in accordance with NIST-800 series requirements.
• Developing and implementing cybersecurity policies, procedures, and controls necessary to meet DoD accreditation standards.
• Conducting comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks.
• Collaborating with cross-functional teams including software developers, system architects, and other Government stakeholders to integrate cybersecurity measures into the software development lifecycle.
• Performing security testing and evaluation of our software platform to identify vulnerabilities and weaknesses (STIGs, ACAS, CI/CD security testing, etc.)
• Providing guidance and support to ensure continuous monitoring and maintenance of cybersecurity controls.
• Preparing and maintaining documentation required for the accreditation process, including System Security Plans (SSPs), Security Assessment Reports (SARs), and other relevant artifacts.
• Staying up-to-date with evolving cybersecurity threats, technologies, and regulations to proactively address security challenges and compliance requirements.
• Serving as a subject matter expert on cybersecurity best practices, standards, and procedures within the organization.
• Supporting automated Compliance-as-Code capabilities that continuously evaluate the cybersecurity posture of the tech stack.

The listed responsibilities are not exhaustive and additional responsibilities may be assigned based on the evolving needs of the organization. We are seeking a dynamic individual who is able to adapt and take on new responsibilities as they arise.

Preferred Experience and Qualifications

• Proven experience in cybersecurity engineering, with a focus on achieving accreditation for software systems within the DoD environment.
• In-depth knowledge of NIST-800 series standards, particularly NIST-800-53, and experience applying these standards to achieve accreditation.
• Skilled at translating technical implementation (infrastructure as code and configuration as code) into verifiable eMASS security control responses that Approving Officials (AOs), and their staffs, can understand.
• Strong understanding of cybersecurity principles, technologies, and best practices, including encryption, authentication, access control, and secure coding practices.
• Hands-on experience with security assessment tools and techniques, such as vulnerability scanning and security analysis.
• Familiarity with software development methodologies and practices, particularly Agile and DevSecOps.
• Excellent analytical and problem-solving skills, with the ability to assess complex systems and identify security risks.