Cyber Security Engineer
The Cybersecurity Engineer provides support to the Department of Health and Human Services (HHS), Program Support Center (PSC), Defense Security Cooperation Agency (DSCA), Information Technology (IT) Division, Software Assurance and Security Engineering, Systems Security Architecture, Assessment and Authorization and Information Systems Security Manager. This position performs cybersecurity compliance of the program, organization, system, or enclave and assists in developing, writing, and coding new (or modifying existing) computer applications, software, or specialized utility programs following software assurance best practices.
Bachelor's degree in Computer Science or a related field of study and a minimum of ten (10) years’ relevant experience, or equivalent combination of education / experience. Five (5) years’ experience in managing IT projects or programs focused on interpreting and applying DoD CS policy and guidance to operational DoD IT environments. Demonstrated experience monitoring application and system security configurations and auditing IT systems and networks for compliance. Experience with Red Hat Linux Enterprise OS, Current UNIX OS, VMware security, Oracle Database Security, MS SQL Database Security, MS Access Database Security, and Host Based Security System (HBSS). Secret clearance required.
Demonstrated skills and experience in at least 8 of the following 15 areas of expertise are required:
(1) Current Microsoft server and workstation OS security configurations
(2) Current Red Hat Linux Enterprise OS security configurations
(3) Current Unix OS security configurations
(4) Current Microsoft server and desktop application security
(5) VMware security
(6) Database security (e.g. Oracle, MS SQL, and MS Access)
(7) Border device security (e.g. firewall, VLANs, IP Sub-Netting, Ports, and Protocols)
(8) Encryption standards
(9) Vulnerability scanning using approved DoD scanner
(10) Application code scanning with Fortify or other industry standard product
(11) HBSS monitoring
(12) Auditing (e.g. system accounts, security logs, system and network anomalies)
(13) Working knowledge of DoD Components
(14) Metrics – capture and documentation
(15) Technical writing – technical documents and user training materials
ESSENTIAL DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include the following. Other duties may be assigned.
Responsible for the integration of CNI Core Competencies into daily functions, including: commitment to integrity, knowledge / quality of work, supporting financial goals of the company, initiative / motivation, cooperation / relationships, problem analysis / discretion, accomplishing goals through organization, positive oral / written communication skills, leadership abilities, commitment to Affirmative Action, reliability / dependability, flexibility and ownership / accountability of actions taken.
Completes and submits a Project Plan identifying how to execute the tasks, who will complete each task, and a timeline of completion for each task.
Provides a comprehensive risk management plan to address, identify, assess, and provide prioritization of risks (including how risks will be recorded, reported, and mitigated). Monitors the plan and provides updates to the Project Manager.
Assists with coordinating an annual security awareness activity, generally held between June and November, intended to raise security awareness among users of DSCA-managed networks.
Provides operational risk management support for CS-managed systems including varying security classifications, architectures, mobile devices, Virtual Private Networks (VPNs) and other remote access architectures and technologies, including Secure Socket Layer (SSL)/Transport Layer Security (TLS).
Evaluates computer system and network security risks and determines methods to reduce, mitigate, or eliminate risk.
Identifies threats, vulnerabilities, and attacks, and then takes corrective action to minimize impact to system and network resources.
Provides Risk Assessment Reports to include the information security risk to organizational operations and assets, individuals, other organizations, or the Nation that derive from the operation and use of organizational information systems and the environments in which those systems operate.
Performs validation steps, comparing actual results with expected results and analyzes the differences to identify impact and risks.
Maintains and makes available to the customer a log of all security control validations performed, including dates, times, and names of personnel who performed the work.
Reports any anomalies, unapproved system configurations, incidents, and undesired activity to the appropriate staff for resolution. Documents all infractions and anomalies in a spreadsheet and performs a trend analysis.
Responsible for understanding the process of identifying DSCA Category Common Security Controls and System Inheritances using the DoD Enterprise Mission Assurance Support System (eMASS) to automate Assessment and Authorization (A&A) for all DSCA authorized information systems. Identifies system and business function commonalities using reciprocity to establish relational inheritance and shared responsibility between systems.
Verifies and validates privacy requirements, category categorization, category hierarchy, system publishing by category, and Cloud security control workflow and approval chain for DSCA authorized information systems.
Evaluates proposed changes for potentially adverse effects on the security posture of the CS-managed IT environment.
Participates in the CS change management process. Participation includes attending the weekly Enterprise Change Control Board (ECCB) meetings, reviewing Requests for Change (RFCs) distributed in email, and performing risk assessments on hardware and software. Makes determinations of the risk to confidentiality, integrity, availability, and accountability.
Assesses system vulnerabilities with respect to the documented threat, ease of exploitation, potential rewards, and probability of occurrence.
Reviews new IT policies, standards, procedures, guidelines and unexpected/unintended configuration changes. Reports any unapproved configuration changes.
Assists in developing, writing, and coding new (or modifying existing) computer applications, software, or specialized utility programs following software assurance best practices.
Assists with implementation of DoD enterprise-wide cybersecurity solutions that establish automated risk mitigation, security content management, and security state analysis.
Analyzes user needs and software requirements to determine feasibility of design within time and cost constraints.
Applies defensive functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities of supply chain vulnerabilities.
Compiles and writes documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.
Designs countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.
Develops system concepts and capability phases of the systems development lifecycle. Translates technology and environmental conditions into system and security designs and processes.
Defines and documents how the implementation of a new system or new interface between systems impacts the security posture of the current environment.
Defines and prioritizes essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
Evaluates the interface between hardware, software, and operational and performance requirements of the overall system.
Identifies and prioritizes critical business functions in collaboration with organizational stakeholders.
Identifies the protection needs of information systems and networks and documents appropriately. Provides advice on project costs, design concepts, or design changes.
Monitors, validates, and reports that all DSCA authorized information systems data are visible, available, and usable. Tags all data with metadata to enable discovery. Posts all data to shared spaces to provide access to all users except when limited by security, policy, or regulations.
Assists in establishing external vulnerability scans for assistance in the protection of a mission owner’s data.
Provides Web Vulnerability Scans (WVS) to assist in complying with public facing web presence and protecting DoD demilitarized zone (DMZ) whitelisted web sites; Intrusion assessments; malware protection implementation; Information Security Continuous Monitoring (ISCM); Cyber Incident Handling; User Activity Monitoring (UAM) for DoD Insider Threat Program.
Maintains System Lifecycle Support Plans, Information System Concept of Operations (CONOPS), Information System Operational Procedures, Information System Maintenance Training Materials, DSCA Enterprise-Wide Contingency Plan documents.
Assists with writing and maintaining a Cybersecurity Threat Plan to include Vulnerability Management, Cyber Threat Intelligence, Analytics Monitoring, Mitigation and Response, Lessons Learned and Action Plan.
Protects all proprietary information. Refrains from using the information for any purpose other than that to which it was furnished. Immediately discloses knowledge of any prohibited or attempted use of proprietary information.
A minimum of 15% travel may be required to support activities.
Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output. Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
Responsible for keeping own immediate work area in a neat and orderly condition to ensure safety of self and coworkers. Will report any unsafe conditions and/or practices to the appropriate supervisor and human resources. Will immediately correct any unsafe conditions to the best of own ability.
CERTIFICATES / LICENSES / REGISTRATION
JOB SPECIFIC KNOWLEDGE / SKILLS / ABILITIES
Knowledge of the MS Office Suite applications Outlook, Word, Access, PowerPoint, and Excel to perform data evaluation, formulas, and analytics
Specialized knowledge and advanced skills in the tools, concepts, practices and procedures of security incident management, threat intelligence and continuous monitoring
Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices
Ability to read, analyze, develop and interpret common information systems security documents
Expert computer skills with advanced proficiency in a Windows and Linux based computer environment
Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues
Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management and federal staff)
Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner
Highly organized with ability to effectively manage multiple projects and priorities
Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities
Ability to effectively work both independently and in a team environment for the successful achievement of goals