Lead Cyber Security Engineer (RMF & EMASS)

SSi is seeking a Lead Cyber Security Engineer who specializes in RMF, EMASS and handling ATO packages. This role requires a DoD clearance.

Location: US-CO-Colorado Springs

Responsibilities:

• Plan, perform, analyze, and report on compliance with designated security controls using a test environment as well as Assured Compliance Assessment Solution (ACAS) scans.
• Implement vulnerability compliance actions to ensure the safety of SEWS data.
• Ensure all Information Security Continuous Monitoring (ISCM) tasks are completed on time.
• Monitor, assess, and report system security vulnerabilities, document corrective actions, and implement preventative actions to minimize the security vulnerabilities.
• Identify and analyze emergent cybersecurity technologies and systems engineering methods to improve the system’s cybersecurity posture.
• Perform testing to ensure security controls are implemented correctly and ensure the security of SEWS data.
• Perform testing of all upgrades to ensure cybersecurity compliance prior to installation of new equipment.
• Assess, remediate, mitigate, and document/track risks associated with cybersecurity vulnerabilities.
• Perform Security Impact Assessments on all system changes and events to identify and document and impacts to cybersecurity.
• Validate systems are configured securely as part of testing initiatives.
• Document corrective actions or proposed changes to cybersecurity functionality.
• Create, manage, and delete user accounts, profiles, and policies on SEWS systems.
• Support incident detection and preliminary response actions to security incidents.
• Work with a team of engineers to ensure all SEWS equipment is properly STIG’d and ensure patching is completed in a timely manner.
• Perform ATO package and control compliance reviews in eMASS and maintain the POA&M.

Qualifications:

• Master’s or Bachelor’s degree in an IT- or cyber-related field.
• Minimum of 10 years of cyber-related experience
• Must have an active Secret clearance.
• Security+ certification at a minimum, CISSP preferred.
• Experience with ACAS, ESS, and other compliance tools/techniques.
• Experience with Elastic, Splunk, or other log collection tools
• Experience with eMASS
• Robust understanding of Risk Management Framework (RMF) security controls.
• Experience investigating security incidents.