Defense Unicorns delivers mission value by streamlining software delivery for defense and civil agencies. As a Cybersecurity Engineer, you will support the RMF process, develop cybersecurity policies, conduct risk assessments, and collaborate with cross-functional teams to enhance security measures in DoD environments.
Responsibilities:
- Leading and pathfinding the effort to achieve accreditation in accordance with NIST-800 series requirements
- Developing and implementing cybersecurity policies, procedures, and controls necessary to meet DoD accreditation standards
- Conducting comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks
- Collaborating with cross-functional teams including software developers, system architects, and other Government stakeholders to integrate cybersecurity measures into the software development lifecycle
- Performing security testing and evaluation of our software platform to identify vulnerabilities and weaknesses (STIGs, ACAS, CI/CD security testing, etc.)
- Providing guidance and support to ensure continuous monitoring and maintenance of cybersecurity controls
- Preparing and maintaining documentation required for the accreditation process, including System Security Plans (SSPs), Security Assessment Reports (SARs), and other relevant artifacts
- Staying up-to-date with evolving cybersecurity threats, technologies, and regulations to proactively address security challenges and compliance requirements
- Serving as a subject matter expert on cybersecurity best practices, standards, and procedures within the organization
- Supporting automated Compliance-as-Code capabilities that continuously evaluate the cybersecurity posture of the tech stack
Requirements:
- U.S. Citizenship is required
- Proven experience in cybersecurity engineering, with a focus on achieving accreditation for software systems within the DoD environment
- In-depth knowledge of NIST-800 series standards, particularly NIST-800-53, and experience applying these standards to achieve accreditation
- Skilled at translating technical implementation (infrastructure as code and configuration as code) into verifiable eMASS security control responses that Approving Officials (AOs) and their staffs can understand
- Strong understanding of cybersecurity principles, technologies, and best practices, including encryption, authentication, access control, and secure coding practices
- Hands-on experience with security assessment tools and techniques, such as vulnerability scanning and security analysis
- Familiarity with software development methodologies and practices, particularly Agile and DevSecOps
- Excellent analytical and problem-solving skills, with the ability to assess complex systems and identify security risks
- Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders
- Eligibility to obtain and maintain a DoD security clearance
- Eligibility to obtain and maintain privileged access in a Government Cloud Environment (relevant training and/or certifications)
- Experience building and supporting continuous authority to operate (cATO) packages within the DoD
- Experience with Open Security Controls Assessment Language (OSCAL)
- Ability to use OSCAL to manage control implementation and statements as 'compliance as code'
- Understand how products and deployments affect the OSCAL lifecycle from upstream to operations
- Familiarity with Department of the Air Force (DAF) security approval processes to include AFI 17-101
- Familiarity with DAF Gov Cloud offerings and inherited controls in Gov Cloud environments
- Familiarity with the Cloud Computing Security Requirements Guide (CC SRG)
- Experience working in a remote team or asynchronous work environment, which requires focus, discipline, and comfort navigating and leveraging various communication forms and frequencies to disseminate and prioritize information and keep stakeholders informed