System Engineer – Cyber Security
Gromelski and Associates, Inc. (GAI) partners with prime contractors to provide professional services. Key service areas include Engineering Design and Documentation; Software Development and Testing; System Integration, Testing and Evaluation; Lab Management and Field Installation; Integrated Logistics Support, Training Development and Delivery, Multimedia Support, and Technical System Support.
System Engineer - Cyber Security Job Description:
Assesses security controls to preserve the confidentiality, integrity and availability of information systems. Supports a Linux- based development team by assessing the systems for security vulnerabilities and provides direction based on risk assessment. Provides security engineering expertise to develop security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Performs assessment and authorization activities with government authorities and certification agents to obtain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems.
SECURITY CLEARANCE: Must have and be able to maintain a DoD Secret Security clearance.
System Engineer – Cyber Security Duties May Include:
· Evaluating requirements, selecting security controls, reviewing installation procedures.
· Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls.
· Tailoring and configuring security controls for specific product use, security assessment plan preparation, test procedure preparation, test execution and reporting.
· Performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration.
· Provides support as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Identify issues and recommend solutions.
· Conducting verification and validation of test procedures and script changes.
System Engineer – Cyber Security Required Skills:
· Experience with Linux (Red Hat) file systems, kernel design, and device-level driver integration.
· Experience with TCP/IP and Network domain knowledge.
· Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of using utilities such as SCAP and ACAS to identify system vulnerabilities.
· Run STIG scans
· Run ACAS scans
· Make recommendations about fixes for findings.
· Write up mitigation statements or explanations for things we can’t fix
· Familiarity with DISA STIGS and the ability to harden applications (e.g., OS, web server, database, etc.) in accordance with the recommended STIG guidance.
· Ability to effectively communicate with the Assessment and Authorization (A&A) authorities regarding security requirements and their implementation method.
System Engineer – Cyber Security Highly Desirable Skills:
· Experience working in an Agile/Sprint release planning environment including depth of understanding of providing impact analysis on testing as Sprint and releases are introduced to the integration environment.
· Existing certifications (e.g., Security+, CEH, Network+, CISSP, etc.).
System Engineer – Cyber Security Additional Requirements:
· Bachelor’s degree in Computer Science/Cyber Security or equivalent demonstrated experience in the field of cyber security/informational assurance.
· Candidate must have an active DoD Secret level security clearance to begin work.
· Proactive/self-starter. Task driven with ability to work independently.
· Team player that takes ownership and develops relationships that fosters team success.
Job: Full-Time Employee, 40 hours/week
Start Date: Negotiable
Job Location: Manassas, VA.
Gromelski & Associates is a proud Equal Opportunity/Affirmative Action employer. Equal Opportunity Employer/Minority/Female/Disability/Veteran. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender identify or expression, genetic information, age, or any other basis protected by law ordinance, or regulation.