Apply systems security engineering methods across the architecture, design, evaluation, and integration of Merlin's defense programs and products, working alongside engineering teams to embed security requirements early rather than retrofitting them once a system is built.
Support RMF accreditation and authorization activities for supported programs, including categorization, controls selection and implementation, security assessment, and body of evidence package development through all required RMF steps.
Engage with government customers and their security representatives to define, document, and implement security protection requirements with the technical rigor and fidelity that DoD authorization demands.
Apply and verify DISA SRGs and STIGs across program environments, and maintain the configuration management processes that keep systems compliant as they evolve through their operational lifecycle.
Conduct vulnerability assessments using tools such as Tenable NESSUS and ACAS, coordinate remediation with engineering teams, and manage the ongoing security posture of supported systems.
Evaluate and advise on the selection of COTS, GOTS, and open-source tools entering the program environment, following DoD-approved software approval processes and ensuring security implications are understood before adoption.
Support DevSecOps security integration by bringing defense-grade practices into our CI/CD pipeline, including static application security testing and security-gated build processes for government-facing deliverables.
Requirements
Bachelor's degree with 5 years of cybersecurity experience on DoD or government programs
Direct experience with RMF accreditation and authorization, including body of evidence package development and working with government ISSOs, SCAs, or authorizing official representatives through the authorization lifecycle
Hands-on experience applying DISA SRGs and STIGs and conducting vulnerability assessments with tools such as Tenable NESSUS, ACAS, or SCC
Active clearance. TS preferred.
Tech Stack
Cyber Security
TypeScript
Benefits
catered lunches featuring a rotating menu of delicious options
an assortment of snacks to keep you fueled throughout the day
a selection of beverages, including coffee, tea, and other drinks