Senior Cybersecurity Engineer (SME) with DevSecOps

Senior Cybersecurity Engineer (SME) with DevSecOps

Location: Dulles, VA

Must have an active Secret Security Clearance

Node is supporting a U.S. Government customer on a large mission-critical development and sustainment program to design, build, deliver, and operate a network operations environment, including introducing new cyber capabilities to address emerging threats.

Node is seeking a Senior Cybersecurity Engineer (CSE) Subject Matter Expert (SME) with DevSecOps experience to support the identification, implementation, and documentation as well as support the deployment of advanced cybersecurity capabilities.

The Senior CSE SME role is to effectively support Authorization and Accreditation (A&A) efforts through cyber risk assessment, policy analysis, National Institute of Standards and Technology (NIST) security control validation, and DHS 4300A system requirements. Provide expertise through recommendations associated with cybersecurity security test and evaluation, system vulnerability and compliance in support of Authorization and Accreditation (A&A) as well as continuous monitoring throughout the System Development Life Cycle within our digital environment e.g. Azure, AWS.

Responsibilities Include:

• Identify security requirements for a system;

• Ensure security requirements are planned, implemented, and tested; Support vulnerability testing of all code before submitting to Security, Testing and Evaluation (ST&E)

• Responsible for reviewing and commenting on security risks and security issues related to any Change Requests, Infrastructure Change Requests, and Configuration Change Requests

• Responsible for reviewing Port Open Requests (PORs)

• Review and input into the CONOPS

• Work with the ISSOs to gather security controls and documents to include writing and management updates with subject matter experts

• Responsible for any technical insertions

• Responsible for reviewing and tracking POA&Ms

• Pre-ST&E testing when able/applicable

• Work with the ST&E team to ensure the testing target is accessible and ready (Checklist and regular meetings)

• Work with ISSO, ISSE, and Security Control Accessors (SCA) to verify security approach in support of an ATO/ATP decision

• Work with the vulnerability management team to access and test the target (app/system)

• Work with the team to ensure the compliance and vulnerability findings are remediated, (or mitigated

• Monitor IAVM notifications from multiple channels and ensure actions for relevant issues are planned and implemented

• Take action to ensure the security of the development environment

Requirements

Required Skills:

• U.S. Citizenship

• Active Secret (S) clearance. Must be able to obtain a TS/SCI clearance

• Must be able to obtain DHS Suitability

• 8+ years of directly relevant cybersecurity engineering experience

• 2+ years experience with Agile software development programs

• Experience in intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis

• Experience with standard security principles, policies, and industry best practices

• Practical experience hardening IT systems in compliance with STE/STIG guidelines

• Experience and knowledge of networking (TCP/IP, topology, sockets, and security), operating systems (Windows/UNIX/Linux), and web technologies (Internet security)

Desired Skills:

• Understanding of security technologies and concepts, experience in the design and implementation of secure network solutions including DMZs and web portals

• Knowledge of Information Assurance and Information Operations technologies and development activities

• Understanding of the processes and guidelines for Authorizing & Accrediting (DCID, ICD, NIST 800-53, SANS 20) information systems based upon experience on a large-scale development program

• Possesses or quickly develop a comprehensive understanding of Government Information Security policies, regulations, and guidelines

Required Education:

• Bachelor’s degree in Cyber Security, Information Security, Software Engineering, or a related discipline is required. [Ten (10) years of experience (for a total of eighteen (18) or more years) may be substituted for a degree

Desired Certifications:

• Certified Information Systems Security Professional (CISSP) certification is required.

• DoD 8570 IAM Level II certification required.

• Certified Ethical Hacker (CEH) certification desired.

Company Overview:

Node.Digital is an independent Digital Automation & Cognitive Engineering company that integrates best-of-breed technologies to accelerate business impact.

Our Core Values help us in our mission. They include:

OUR CORE VALUES

Identifying the~RIGHT PEOPLE~and developing them to their full capabilities

Our customer’s “Mission” is our “Mission”. Our~MISSION FIRST~approach is designed to keep our customers fully engaged while becoming their trusted partner

We believe in~SIMPLIFYING~complex problems with a relentless focus on agile delivery excellence

Our mantra is “~Simple*Secure*Speed~” in the delivery of innovative services and solutions

Benefits

We are proud to offer competitive compensation and benefits packages to include

• Medical
• Dental
• Vision
• Basic Life
• Long-Term Disability
• Health Saving Account
• 401K
• Three weeks of PTO
• 10 Paid Holidays
• Pre-Approved Online Training