Overview/ Job Responsibilities Serves as a Cybersecurity Team member responsible for the Information Assurance and Security of application, database, RMF continuous monitoring, process engineering, tools and technology management, and enterprise network services. Responsible for activities associated with delivery of Cybersecurity policy implementation and network solutions associated with customer-defined systems and software projects; Responsible for supporting development of a spectrum of engineering artifacts that adequately, but succinctly captures system security requirements, application and network security design, and network security architecture. This position is responsible for ensuring that all assigned work activities are performed in a timely, secure, compliant and cost-effective manner while maintaining the highest quality of performance. Basic responsibilities include: * Maintain Cybersecurity Program strategy * Apply information security in accordance with National/DoD/Army Directive security policy including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5 * Assess entire system lifecycle requirements and network security impacts * Support creation of, and ensure approval for, Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects * Support program and customer management, and government Authorizing Official (AO) for all information security status, policies, and procedures * Document DoD RMF Security Implementation Plan artifacts. Coordinate and assist development team with application artifact documentation * Assist government personnel in preparing and presenting Enterprise Mission Assurance Support System (eMASS) packages to the Control Assessor (SCA)Assess and analyze US-CERT, ACERT, and current threat environment; * Enhance - Implement Cybersecurity vulnerability/A&A hardening testing * Optimize - Cybersecurity development environment certification * Architect & Engineer security - develop security goals, capabilities, controls, and architecture * Design & Implement security - vulnerability management, build security into development * Integrate & Test Security - test patches and settings, document A&A artifacts * Validate & Verify security - validate patch status and software control status * Implement security - apply patches and security settings, performance incident handling and remediation * Maintain security posture - audit security settings, track security training, monitor threats, track reaccreditation * Enable assurance for information security during all phases of agile software development and deployment * Continuously evaluate and recommend innovative proven best business practices and tools to enhance defense-in-depth * Identify, assess, and recommend zero-day cyber threat remediation * Address Cybersecurity issues to help maintain Continuity of Operations Plan (COOP) * Perform information security vulnerability testing and mitigate any nonconformance * Create and manage Plan of Action & Milestones (POA&M) * Implement and validate Security Technical Implementation Guide (STIG) requirements for all development and implementation projects * Understand and assist developers with static code analysis processes * Utilization of cyber and development tools, e.g. Python, PowerShell, Docker, Pentest-tools, scripting XP, etc. Minimum Qualifications * Clearance: Must have an active Secret or higher security clearance * Education: College degree (B.S., M.S.) in Information Assurance, Computer Science, Information Management Systems or a related discipline * Certifications: 8570.01-M, IAT Level II: CCNA Security, CSA+ GICSP, GSEC, Security+ CE, SSCP; (ISC)2's CISSP; ISACA CISA, GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED); and/or CompTIA Advanced Security Practitioner (CASP) * Years of Professional Experience: 7+ years related technical experience * Demonstrated knowledge of National/DoD/Army Directive security policies including, but not limited to, DODI 8500.01, DODI 8510.01, NIST SP 800-30, NIST 800-37, NIST 800-53a, NIST SP 800-61, NIST 800-171, AR 25-2, and AR 380-5 * Have a deep technical understanding of Cybersecurity practices, Risk Management Framework, and have experience working in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. * Must have a working knowledge of enterprise class information assurance requirements, and network security and survivability. * Demonstrated experience with the Department of Defense (DOD) Risk Management Framework (RMF) Assess and Authorize (A&A) Process for development and sustainment projects * Demonstrated experience with HP Fortify Software Security Center * Demonstrated experience with Assured Compliance Assessment Solution (ACAS)/Tenable Nessus Vulnerability Scanner * Demonstrated familiarity and experience with Firewalls, Intrusion Prevention Systems, WebGateways, and/or enterprise Antivirus software technologies * Demonstrated experience using eMASS * Experience with Computer Network Defense (CND) processes, procedures, and tools * Experience with continuous integration tools and environments * Ability to identify and manage risk * Working knowledge of and ability to assist others in the use of information security provisioning and monitoring tools to support process improvement * Excellent written and verbal communication skills * Understanding of all elements of the DOD Cybersecurity policies and requirements * Highly responsible, team-oriented individual with very strong communication skills and work ethic; self-starter Desired Qualifications * Demonstrated knowledge and experience with ISO 27000 information security management principles * Ability to apply advanced principles, theories, and concepts, and contribute to the development of innovative IA principles and ideas * Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity, and resourcefulness * Experience with scripting languages such as Python, PowerShell, etc. About Sev1Tech LLC Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country. Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech For any additional questions or to submit any referrals, please contact: Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.