Cyber Security Engineer Iii

Job Summary
VSolvit is seeking an Cyber Security Engineer III (Information Systems Security Engineer) to support the Program Executive Office (PEO) Manpower, Logistics, and Business Solutions (MLB) which manages the Logistics (LOG) Information Technology (IT) portfolio. This portfolio is composed of 300+ afloat and ashore IT systems/applications with 150,000+ users across all Naval Systems Commands (SYSCOMs) and Naval Operational Forces (NOF) to include ships, carriers, submarines, USN/USMC aviation squadrons, and Naval Expeditionary Forces. The United States Coast Guard (USCG) is a joint user of LOG IT capabilities and is part of the program requirements. LOG IT enables essential business operations for various capability groups.
This role will provide cybersecurity support for US Navy systems on Risk Management Framework (RMF) Authorization packages as well as conducting monitoring services. As a Cybersecurity Engineer III, you will play a critical role in planning, developing, and implementing cutting-edge solutions to enhance security measures and safeguard against various cyber threats, including hacking, malware, ransomware, and insider threats. Your expertise will be instrumental in overseeing the monitoring of computer networks, proactively identifying security issues, and anticipating potential breaches.
Details
Plans, develops, and implements proven high-tech solutions to increase security and defend against hacking, malware and ransomware, insider threats, and other types of cybercrimes. Oversees monitoring of computer networks, identifies security issues, and anticipates security breaches. Executes the installation and maintenance of security programs, plans, and software, including firewalls and data encryption programs. Assures protection of the organization's data and infrastructure by enabling the appropriate security controls. Investigates and analyzes security breaches and Cyber Security incidents to determine the source of the issues, and assesses the damaged caused. Documents all parts of security incidents or breaches. Performs assessments and penetration tests to identify network and system vulnerabilities, troubleshoots security and network problems, determines the best way to avoid them, and responds to system or network security breaches. Oversees security technology and audit or intrusion systems. Develops and handles secure network solutions to protect against advanced persistent threats. Keeps abreast of industry security trends and developments, as well as applicable government regulations.
As with any position, additional expectations exist. Some of these are, but are not limited to, adhering to normal working hours, meeting deadlines, following company policies as outlined by the Employee Handbook, communicating regularly with assigned supervisor, and staying focused on the assigned tasks.
Responsibilities

• Plans, develops, and implements proven high-tech solutions to increase security and defend against hacking, malware and ransomware, insider threats, and other types of cybercrimes.
• Oversees monitoring of computer networks, identifies security issues, and anticipates security breaches. Executes the installation and maintenance of security programs, plans, and software, including firewalls and data encryption programs.
• Assures protection of the organization's data and infrastructure by enabling the appropriate security controls. Investigates and analyzes security breaches and Cyber Security incidents to determine the source of the issues and assesses the damaged caused.
• Documents all parts of security incidents or breaches.
• Performs assessments and penetration tests to identify network and system vulnerabilities, troubleshoots security and network problems, determines the best way to avoid them, and responds to system or network security breaches.
• Oversees security technology and audit or intrusion systems. Develops and handles secure network solutions to protect against advanced persistent threats. Keeps abreast of industry security trends and developments, as well as applicable government regulations.
• Provide technical support to develop and deliver IT business solutions System Security Authorization Agreement (SSAA) to achieve A&A approval of IT Support systems IAW Risk Management Framework (RMF) and other Naval applicable standards.
• Develop Security Requirements Traceability Matrix (STRM), aligning security requirements with the individual components of a system.
• Provide automated and manual validations of Information Assurance Controls (IACs) and Validation Procedures (VPs) in accordance with the DoD Guidelines, CNSSI 1253 and/or NIST 800-Publications.
• Coordinate with system owners and development teams concerning RMF process and solutions.
• Produce documentation about IA Controls for application development teams, support and provide guidance on IA Control mitigation.
• Utilize eMASS and ensure all checks of systems and applications for IA vulnerabilities using approved automated IA tools (ACAS, SCAP-compliant scanners, DISA STIG Viewer, etc.), custom scripts and manually (Security Technical Implementation Guides [STIGS]) is documented.
• Document raw findings in a quick look report, for customer notification. Create and maintain system Plan of Action and Milestones (POA&M).
• Produce weekly security briefs and reports for delivery to stakeholders and senior management.
• Review cloud, commercial, and government system cybersecurity implementation, document/assess results, and provide a recommendation concerning risk and authority to operate.
• Consult on current RMF status to achieve an ATO award and upcoming projects covering all levels of IT Security.

Basic Qualifications

• US Citizenship Required.
• Ability to obtain interim secret clearance OR hold Active DoD Secret Clearance to Qualify (Favorable T3 Equivalent Background Investigation).
• Valid Security+, CISSP, or equivalent certification (Minimum: DoD 8570.1-M IAT Level II); ability to attain certification(s) within 1 month from start date is required.
• Bachelor’s degree in Computer Sciences, Computer Information Systems, Cyber Security, Engineering, Information Assurance, Information Management, Information Systems, Information Security, or Information Technology.
• Experience providing cybersecurity support for the Department of the Navy.
• Minimum eight (8) years of experience in providing cybersecurity support in the areas of security compliance, system monitoring, enabling security controls, performing assessments and penetration testing, risk assessments and audits, creating security documentation, investigating, analyzing, and documenting security breaches and Cyber Security incidents, and keeping abreast of industry security trends and developments, as well as applicable government regulations.
• Experience with USMC Risk Management Framework (RMF) – Marine Corps Certification and Accreditation Support Tool (MCCAST) and USN Risk Management Framework (RMF) – Enterprise Mission Assurance Support System (eMASS).
• Experience using eMASS, STIGViewer, eMASSTer and other DoD approved tools (ACAS, SCAP-compliant scanners, etc.).
• Must possess experience leading RMF (Risk Management Framework) and NIST compliance to ATO (Authority to Operate) processes on both IA systems in Development and Production.
• Must have experience with DoD-specific (Department of Defense) Information Assurance protocols, policies, & procedures.
• Experience presenting to clients or management to present technical and non-technical information to allow key personnel to make informed decisions.
• In-depth knowledge of cybersecurity principles and best practices.
• Experience in planning, implementing, and managing security solutions.
• Proficient in conducting vulnerability assessments and penetration tests.
• Strong analytical and problem-solving skills.
• Excellent communication and documentation skills.
• Ability to stay updated on industry trends and regulatory requirements.

Preferred Qualifications

• Understanding of securing containerized applications/systems.
• Understanding of RAISE 2.0 cybersecurity processes.
• Understanding of Federal Information System Controls Audit Manual (FISCAM) methodology, control activities, techniques, and execution in support of audit readiness.
• High-level knowledge of DevSecOps and cloud (AWS or similar) within a DoD environment.
• Experience performing in an Information Assurance or Cyber Security capacity working with DevOps or DevSecOps engineers within cloud environments (AWS, Azure, PCF or similar).
• Experience with Continuous-ATO.
• Understanding of cyber defensive architecture and technologies required to protect, detect, and respond to cyber threats.
• Proven track record in developing and implementing security solutions.
• Expertise in firewall configuration, intrusion detection/prevention, and encryption.
• Familiarity with SIEM systems and networking protocols.

Company Summary
Join the VSolvit Team! Founded in 2006, VSolvit (pronounced 'We Solve It') is a technology services provider that specializes in cybersecurity, cloud computing, geographic information systems (GIS), business intelligence (BI) systems, data warehousing, engineering services, and custom database and application development. VSolvit is an award winning WOSB, CA CDB, MBE, WBE, and CMMI Level 3 certified company. We offer a customizable health benefits program that best meets the needs of its employees. Offering may include: medical, dental, and vision insurance, life insurance, long and short-term disability and other insurance products, Health Savings Account, Flexible Spending Account, 401K Retirement Plan options, Tuition Reimbursement, and assorted voluntary benefits. Our goal is to grow together and enjoy the work that we do as a team.
VSolvit LLC is an Equal Opportunity/Affirmative Action employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status.