AUSGAR Technologies, Inc. is an established Department of Defense contractor specializing in Information Assurance and Cybersecurity. They are seeking a Cybersecurity Engineer/ISSE to provide engineering support and risk management framework assistance for PEO-Digital, including conducting assessments and managing vulnerabilities.
Responsibilities:
- Provide Cybersecurity Engineering and Risk Management Framework (RMF) support for PEO-Digital
- Play a critical role in supporting the RMF Assessment and Authorization (A&A) processes for PEO-Digital
- Responsible for the technical implementation of the RMF
- Conduct cybersecurity and risk assessments on networks, systems and applications to identify and mitigate technical and non-technical vulnerabilities
- Handle multiple RMF authorization types, including baseline changes, use cases, Assessment Summary Results (ASR), Authorization to Operate (ATO), CAR, Denial of Authorization to Operate (DATO) & HRR/HR
- Conduct vulnerability assessment and analysis utilizing standard technologies, such as Security Content Automation Protocols (SCAPs), Assured Compliance Assessment Solution (ACAS)/NESSUS scans and DISA Security Technical Implementation Guides (STIGs)/Security Requirements Guides (SRGs)
- Conduct security assessments and create RMF documentation, including Security Assessment Plans (SAPs), eMASS Security Risk Assessment (SARs), Special Access Programs (SAPs) Executive Summary, SAPs Body of Evidence (BOE)
- Provide accurate assessments and document security posture, capabilities and vulnerabilities
- Lead the creation of the SAPs and SARs and convey technical findings and risk assessments
- Perform detailed risk analysis, identify system vulnerabilities and provide comprehensive recommendations for risk mitigation
- Verify, validate and document risk, perform Security Control Assessments (SCAs) and document compliant and failed security controls in eMASS
- Assess STIGs and SRGs
- Ensure traceability of all vulnerabilities from raw assessment results to the Plan of Action and Milestones (POA&Ms)
- Support the Continuous Security Monitoring (CSM) program as necessary
Requirements:
- Active Secret clearance required
- Security+ CE is required, CISSP is desired
- Bachelor's degree in Information Technology or related field or business-related field
- Minimum of 5-7 years of experience in cybersecurity risk assessment and supporting RMF A&A processes for DoD and Navy systems
- Hands-on experience conducting vulnerability assessment and analysis utilizing standard technologies, such as SCAPs, ACAS/NESSUS scans, and DISA STIGs/SRGs
- Experience developing mitigations and writing mitigation statements for ongoing vulnerabilities
- Experience using eMASS
- Experience working in Navy environments
- Experience with wireless network technology
- Experience with Visio required
- Ability to author and maintain policy documents in support of RMF and Vulnerability Management
- Good working knowledge of Windows and RHEL OS, layer 2 and 3 network devices and supporting infrastructure
- Analytical skills to troubleshoot high-level, complex, technical problems
- Employ strong written and verbal communication skills to advise various levels of technology stakeholders, program initiatives and accrediting authorities on security requirements and Cybersecurity trends and solutions to include risk assessments and mitigations
- Some travel up to 10%
- Remote position, but will require going onto the government site a minimum of one day per week or as required
- Desired: Advanced degree in Information Technology or related field or business or related field