Cyber Security Engineer IV

Overview

For two decades, Millennium Corporation has been operating on the leading edge of cybersecurity. Our elite team of more than 400 experts has an unparalleled record of performance supporting Red Team Operations, Defensive Cyber Operations, Software Engineering, and Technical Engineering. With the largest contingent of contracted Red Team operators in the DoD, we provide an unmatched level of threat intelligence and battle-tested experience for customers in both the DoD and federal civilian markets.

What We Believe

We believe that diversity is a fact, inclusion is a choice.  At Millennium Corporation, we are inclusive. We celebrate multiple approaches and different points of view. We strongly believe that diversity drives innovation, and we are building a culture where differences are valued. We are always growing our programs and we offer tools to help our employees grow and manage their careers.

Millennium is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. Millennium promotes affirmative action for women, minorities, disabled persons, LGBTQ+ and veterans.

Responsibilities

Millennium Corporation is hiring a Cyber Security Engineer (Zero Trust) to work in Orlando, FL or Charleston, SC or New Orleans. The candidate must have an active secret clearance.

• Performs penetration tests and vulnerability assessments using the approved DoD vulnerability scanner, Defense Information systems Agency (DISA) Security Technical Implementation Guides (STIGs), Security Requirements Guides (SRGs) and other DoD/DoN software assurance security tools.  
• Implements operating systems and network devices security configuration in accordance with DISA approved security technical implementation guides and Security Requirement Guides.
• Performs Cybersecurity assessment procedures, security audits and risk analysis.
• Develop and update Program Protection Plans, Cybersecurity Strategies, and other security related acquisition documentation in support of programs.
• Ensure that security related provisions of the system acquisition documents meet all identified security needs.
• Develops mitigation strategies for DoD information systems.
• PreparesRMF artifacts and Memoranda of Agreement (MoA) with system owners for interface and networking implementations.
• Develops Cybersecurity related acquisition documents.  
• Identifies Common Criteria and National Information Assurance Partnership (NIAP) certified technologies.
• Evaluates Program Cybersecurity products in use by programs to validate compliance with DoD/DoN requirements.
• Participates in FLTCYBERCOM Designated Accrediting Authority collaboration calls.

• To provide critical, expert security engineering support, analysis, and guidance in relation to Zero Trust (ZT) on DoN Business Systems.

• Provide initial baseline assessments of all programs under PMW 240 (these will be conducted against the DoD mandated 91 target level activities), and identify gaps in each of the program, then identify a way forward for each of the programs to be in alignment with DoD/DoN Zero Trust policies.

• Work with PMW 240 programs to demonstrate alignment through metric reporting and identification of investments in ZT capabilities necessary and plans to achieve target level based on resourcing and program implementation plans NLT FY 27.

  - Assist with development and/or incorporation of security requirements, standards, and/or specifications into RMF artifacts and eMASS packages of all PMW 240 systems as required by the DoN Zero Trust Implementation Guide.

• May lead task and oversee the work of team

Qualifications

• Candidate must have an active secret clearance.
• Bachelor's degree and 8 years of engineering, computer science, or information technology experience including at least three (3) to six (6) years of Cybersecurity experience. 
• Experience in DoD Risk Management Framework (RMF) DoDI 8510.01. Possess DoD approved Baseline Certification as Information Assurance Manager, Level II in accordance with DoD 8570.01-M (i.e., CISSP, GLSC or CISM). Level I Familiarity Fundamental awareness and RMF familiarity gained through formal training in the development of one or more Security Authorization Package or past experience with DoD Assessment & Authorization (A&A).
• Zero turst and DevSecOps understanding.

Business Development

Assist with Business Development activities as required to support Millennium's strategic business objectives, which may include but not limited to participation in technical interviews, creation of technical documentation, general proposal writing support and proposal color reviews.

Physical Requirements

• Must be comfortable with prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 10-15 pounds at a time.

Travel Requirements

>10%