Cybersecurity Engineer
Defense Unicorns · United States · 1 mo ago
RemoteRemoteInformation Technology$123k–$167k/yrFull-time
About the role
This position requires U.S. citizenship and will support all aspects of the RMF process from accreditation to establishing a cATO for the Software Factory implementation. The role involves championing modern, continuous security practices and accelerating the ATO process while improving security posture.
Responsibilities
- Leading and pathfinding the effort to achieve accreditation in accordance with NIST-800 series requirements.
- Developing and implementing cybersecurity policies, procedures, and controls necessary to meet DoD accreditation standards.
- Conducting comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks.
- Collaborating with cross-functional teams including software developers, system architects, and other Government stakeholders to integrate cybersecurity measures into the software development lifecycle.
- Performing security testing and evaluation of our software platform to identify vulnerabilities and weaknesses (STIGs, ACAS, CI/CD security testing, etc.).
- Providing guidance and support to ensure continuous monitoring and maintenance of cybersecurity controls.
- Preparing and maintaining documentation required for the accreditation process, including System Security Plans (SSPs), Security Assessment Reports (SARs), and other relevant artifacts.
- Staying up-to-date with evolving cybersecurity threats, technologies, and regulations to proactively address security challenges and compliance requirements.
- Serving as a subject matter expert on cybersecurity best practices, standards, and procedures within the organization.
- Supporting automated Compliance-as-Code capabilities that continuously evaluate the cybersecurity posture of the tech stack.
Qualifications
- Proven experience in cybersecurity engineering, with a focus on achieving accreditation for software systems within the DoD environment.
- In-depth knowledge of NIST-800 series standards, particularly NIST-800-53, and experience applying these standards to achieve accreditation.
- Skilled at translating technical implementation (infrastructure as code and configuration as code) into verifiable eMASS security control responses that Approving Officials (AOs) and their staffs can understand.
- Strong understanding of cybersecurity principles, technologies, and best practices, including encryption, authentication, access control, and secure coding practices.
- Hands-on experience with security assessment tools and techniques, such as vulnerability scanning and security analysis.
- Familiarity with software development methodologies and practices, particularly Agile and DevSecOps.
- Excellent analytical and problem-solving skills, with the ability to assess complex systems and identify security risks.
- Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders.
- Eligibility to obtain and maintain a DoD security clearance.
- Eligibility to obtain and maintain privileged access in a Government Cloud Environment (relevant training and/or certifications).
Preferred Experience
- Experience building and supporting continuous authority to operate (cATO) packages within the DoD.
- Experience with Open Security Controls Assessment Language (OSCAL).
- Familiarity with Department of the Air Force (DAF) security approval processes, including AFI 17-101.
- Familiarity with DAF Gov Cloud offerings and inherited controls in Gov Cloud environments.
- Familiarity with the Cloud Computing Security Requirements Guide (CC SRG).
Benefits
- Full compensation packages are based on candidate experience.
- Remote - USA $123,250—$166,750 USD