Cyber Engineer Principal
SAIC · San Diego, CA · 5 days ago
Engineering$160k–$200k/yrFull-time
Cybersecurity Engineer
SAIC is seeking a Senior Cybersecurity Engineer to support strategic communications programs within the Department of Defense (DoD).
Job Duties
- Cybersecurity Compliance and RMF Activities
- Propose, coordinate, implement, and enforce all DoD/DoN cybersecurity policies, standards, and methodologies for the operational environment (OE), software applications, and government test tools.
- Perform risk assessments in support of RMF lifecycle activities and implement continuous monitoring plans to sustain ATO.
- Aid with annual security reviews, re-authorizations, and compliance with ATO stipulations.
- Vulnerability Management and Mitigation
- Conduct vulnerability assessments using tools such as ACAS, SCAP, and other automated tools to ensure compliance with DISA Security Technical Implementation Guides (STIGs).
- Develop and update cybersecurity baselines, including monthly security patching, system lockdowns, and configuration updates.
- Conduct independent cybersecurity scans and audits to verify the security posture of systems before and after new configurations are implemented.
- Baseline Development and Testing
- Develop Cybersecurity Baseline Test Plans (CSBTP) and Cybersecurity Baseline Test Reports (CSBTR) to document critical patching activities and ensure tested functionality.
- Identify and mitigate security vulnerabilities or programming flaws that could be exploited to compromise system integrity or availability.
- Support the development of test plans and associated documentation (CDRLs) for delivery to Configuration Management (CM) managers and stakeholders.
- Stakeholder Collaboration
- Collaborate with CS teams to resolve findings and integrate RMF requirements throughout the system lifecycle.
- Provide technical leadership to other cyber staff, ensuring cohesive execution of cybersecurity efforts and compliance with emerging DoD directives.
- Prepare and deliver documentation—including monthly vulnerability scan reports, risk mitigation strategies, and policy updates—to government stakeholders to achieve mission milestones.
- Process Improvement and Innovation
- Identify and refine cybersecurity processes to ensure sustainment of the OE, software applications, supporting tools, and infrastructure.
- Enhance early detection mechanisms by incorporating automated benchmarks and efficient review processes for baseline updates.
- Develop innovative solutions for emerging cybersecurity requirements within DoD/DoN frameworks.
Qualifications
- Clearance: Must have an Active Secret Clearance to start. Must be able to obtain a Top Secret Clearance after start.
- Citizenship: U.S. Citizen
- Education and Experience:
- Bachelor's degree and nine (9) years or more experience; Masters and seven (7) years or more experience; PhD or JD and four (4) years or more related experience.
- Nine (9) years or more experience in Information Assurance, Cybersecurity Engineering, or a related discipline.
- Five (5) years or more hands-on experience designing, implementing, or supporting hardened IT systems in classified or high-security environments.
- Extensive Knowledge of RMF and ATO processes, including experience in creating, reviewing, and managing RMF documentation (SSPs, POA&Ms, Security Assessment Plans).
- Experience with DoD vulnerability scanning tools (e.g., ACAS, Nessus, SCAP) and compliance with DoD standards, such as DISA STIGs.
- Strong understanding of security baselining, secure configuration management, and continuous monitoring practices.
- Strong scripting/programming skills (Python, Bash, PowerShell, C/C++).
- Experience with hardware security modules (HSM), TPM, and PKI implementation.
- Familiarity with virtualization/containers in secure contexts (VMware ESXi, Hyper-V, Docker with hardened builds).
- Proven experience in resolving critical security vulnerabilities and supporting accreditation/re-accreditation activities.
- Certifications: IAM Level II or III certification in accordance with DoD 8570.01-M (e.g., CISSP, CAP, or CISM).
Desired Skills:
- Hands-on experience with NIWC Pacific or Navy organizations.
- Familiarity with National Information Assurance Partnership (NIAP) and Common Criteria technologies.
- Expertise in drafting and implementing Security Technical Implementation Guides (STIGs) for custom applications.
- Experience working with Configuration Management (CM) teams to manage software artifact delivery.
- Strong analytical and communication skills to interact with multidisciplinary teams and senior leadership effectively.
Target salary range: $160,001 - $200,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.