Senior Cyber Security Engineer to join the Cyber Security Engineering team securing some very interesting systems. The position provides secure software cybersecurity expertise, as well as guidance on the secure implementation of databases. This position requires work on-site at the Boulder location. The successful candidate is expected to have proven experience implementing secure coding standards and the Defense Information Systems Agency (DISA) Application Security and Development Security Technical Implementation Guide (ASD STIG), along with experience in database security, Python coding, and the Risk Management Framework (RMF) process and artifact development leading to a successful Authorization to Operate (ATO). Continuous Integration / Continuous Deployment (CI/CD) pipeline and DevSecOps experience is highly desired, as is the ability to perform effectively in a dynamic, agile development environment.
Responsibilities to Anticipate:
• Evaluate and monitor Commercial off the Shelf (COTS), Government off the Shelf (GOTS) systems, Free and Open Source (FOSS) software, and other software to ensure their use meets requirements and applicable security controls.
• Prepare documentation (artifacts and bodies of evidence) to support assessment and authorization (A&A) activities necessary to sustain the system's Approval to Operate (ATO).
• Audit security controls and provide technical direction and assistance with corrective or mitigation actions.
• Perform/analyze compliance scans and generate reports (e.g., STIG, SCAP, SCA, vulnerability scans, etc.).
• Review and recommend updates to software development plans, procedures, and processes to ensure secure coding standards are robustly implemented.
Clearance Requirement: Must be a US Citizen with an active DOD Secret clearance. Top Secret/SCI Clearance is preferred.
Basic Qualifications:
• Experience with cyber security engineering projects and programs for U.S. Government clients
• Typically requires a Bachelor's degree in Science, Technology, Engineering or Mathematics (STEM) and 5+ years of engineering experience in cyber security
• Experience with Risk Management Framework (RMF), NIST 800-37, Continuous Monitoring IAW NIST 800-137, Patching IAW NIST 800-40, NIST 800-53 and CNSSI 1253
• Experience with vulnerability assessment and analysis utilizing Assured Compliance Assessment Solution (ACAS) and DISA STIGs
• Develop and augment automation through scripting or programming, and collaborate with teams on security functionality to meet cyber requirements
• Required Security Certification in accordance with DoD 8570.01 IAT-II for a Linux environment (e.g., Security+ CE and Linux OS Certification); NOTE: Obtaining Security+ certification is required at start
Hours: Monday-Friday, 8:00am to 5:00pm
Location: Aurora or Boulder, Colorado, United States
Additional Job Details:
Preferred Qualifications:
• Knowledge of secure coding practices and enforcement through DevSecOps pipelines
• Hands-on experience in manual hardening and system compliance
• Understanding of security design concepts with ability to develop solutions to moderately complex IS compliance and security problems
• Experience with Agile, Scrum, HW and SW life-cycle management, & engineering change proposal processes
• Hands-on technical experience with documented skills and experience in the following areas: Linux system administration, COTS and FOSS patch management/deployment experience
• Excellent verbal and written communication skills, including via collaboration tools; a polished presenter; an ability to establish a strong rapport with teammates and to work with members of diverse teams
• Ability to establish tasks and objectives and ensure the entire team understands and can work towards the vision and objectives
• Ability to work in a team environment and work collaboratively across traditional engineering disciplines
• Must be a self-starter capable of multitasking and efficiently managing your time