Cyber Engineer Sr

Job Description

Description

JOB DESCRIPTION

SAIC is looking to hire a Cybersecurity Analyst. : This position supports the Assessment and Authorization (A&A) cybersecurity efforts for NIWC PAC UAVIO project. The Cybersecurity Analyst will serve as a Risk Management Framework (RMF) Subject Matter Expert (SME) by preparing and submitting Assessment and Authorization packages for UAVIO following RMF processes using the web-based Enterprise Mission Assurance Support Service (EMASS). He/she will apply the disciplines of Computer Security necessary to perform Information System Security Audits, Information System Security Assessments, Risk Management Plans, and Security architectures. Personnel must possess experience with Security Technical Implementation Guides (STIGs) and the ability to justify the technical need for applying each setting in eMASS. In addition, the personnel must stay proficient and up to date in all IA training requirements and remain current with all IA related certification as required by NIWC PAC and DOD 8570. Additionally, personnel must provide engineering and technical support for the testing of systems, software, tools and products while identifying operational and functional requirements of system and develop a system security approach, which includes but not limited to defining potential threats, vulnerabilities, safeguards, and risk factors.

ROLES AND RESPONSIBILITIES:

• Support the RMF Accreditation and Authorization (A&A) process to include developing and maintaining POA&Ms and IA artifacts, SSP maintenance, and Risk Assessment Report (RAR) as the system technical Subject Matter Expert (SME).
• Apply the disciplines of Computer Security necessary to perform Information System Security Audits, Information System Security Assessments, Risk Management Plans, and Security architectures.
• Perform periodic auditing and continuous monitoring tasks to maintain security compliance.
• Ensure Department of Defense (DOD) security policies, standards, and procedures are enforced.
• Perform vulnerability scanning and device configuration assessment using Assured Compliance Assessment Solution (ACAS) software and applicable DoD STIGs to facilitate a compliant and secure system.
• Provide applicable STIG configurations and mitigations IAW DoD guidelines
• Conduct low to high file transfers.
• Attend meetings/teleconferences and provide status/update of assigned tasks.
• Maintain knowledge of Risk Management Framework (RMF) process, National Institute of Standards and Technology (NIST) Special Publications, CNSS Instructions, Federal Information Processing Standards (FIPS) publications, Committee on National Security Systems (CNSS) instructions, and any government policies and guidance related to securely protecting platform information technology (PIT)  systems.
• Stay proficient and up to date with IA and OPSEC DoD personnel training requirements.
• Possess and maintains CSWF related certification as required by NIWC PAC and DoD 8570.1 directive
• Provide experience of NIST SP 800-53, RMF implementation and provide recommendations in accordance with NIST FIPS 199.
• Monitor software compliance in the DoD Information Technology Portfolio Repository (DITPR) and DoN Application and Database Management System (DADMS).
• Help obtain an Authority to Operate (ATO) in accordance with guidance from the Navy Security Control Assessor (SCA), Navy Authorizing Official (NAO), and DoDI 8510.01 DoD Risk Management Framework (RMF).
• Provide metrics gathering/data analysis compliance with all cyber/A&A policies, audits and inspections.
• Monitor software compliance in the DoD Information Technology Portfolio Repository (DITPR) and DoN Application and Database Management System (DADMS).

Qualifications

TYPICAL EDUCATION AND EXPERIENCE: Bachelor's Degree in (STEM), or an Information Technology (IT) related field AND four (4) years of relevant work experience, OR High School Diploma or equivalent AND six (6) years of relevant work experience.

KEY SKILLS, KNOWLEDGE AND ABILITIES: 

Experience:

• Five years of demonstrated experience in Risk Management Framework (RMF) to include performing ALL of the following:
• Policy development and enforcement
• eMASS package development
• Assessment and Authorization (A&A) processes
• Information Assurance Vulnerability Management (IAVM) and Computer Task Order (CTO) process and reporting
• Testing and analysis of IA controls and secure configuration using the Assured Compliance Assessment Solution (ACAS)
• Analyzing system configuration per DISA STIG using STIGviewer, SCC, and OpenSCAP
• Demonstrated knowledge of RMF National Institute of Standards & Technology (NIST)
• MS Windows
• RHEL

Certifications:

• DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III

Requirements:

• Must be a US Citizen
• Active or interim SECRET Clearance

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.