Cyber Security Engineer 3

Position Summary

Support multiple task orders under the DOMEX Technology Platform contract supporting NMEC by designing, developing, and implementing secure systems in on-premises infrastructure and integrating security across the system lifecycle.

Essential Duties and Responsibilities

• Support the secure architecture, design, and implementation of DoD systems in accordance with DoDI 8510.01, NIST SP 800-53, and other DoD security guidance. 
• Lead integration of RMF activities into the SDLC, including selection, implementation, and validation of security controls. 
• Develop and maintain SSPs, SARs, risk assessments, and POA&Ms. 
• Apply STIGs and validate compliance using SCAP, STIG Viewer, and ACAS. 
• Maintain scanning infrastructure and analyze vulnerabilities for mitigation or risk acceptance. 
• Support system authorization, incident response, forensics analysis, and security automation efforts.

Required Qualifications

• Active TS/SCI with ability to obtain a CI Polygraph.
• Bachelor's degree with a minimum of six years of experience in the category field. Three additional years of experience may be substituted for the bachelor's degree.
• At least one DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE. 
• Developer experience preferred in at least one scripting or programming language. 
• Experience reviewing cybersecurity vulnerabilities for risk and relevance and building mitigation/remediation plans across systems, network, application, and database vulnerabilities. 
• Ability to architect, design, troubleshoot, maintain, and deploy vulnerability scanning solutions such as OWASP, Fortify, SonarQube, and Tenable. 
• Experience with XACTA, eMASS, or similar tools. 
• Strong understanding of Microsoft Windows and Linux/UNIX operating systems. 
• Experience with middleware/web technologies, databases, TCP/IP networking, and CI/CD platforms. 
• Familiarity with NIST 800-171, 800-172, NIST SSDF, CMMC, and CNSSI 1253. 
• Experience supporting DoD/IC systems through the RMF+ process.

Preferred Qualifications

• Software development experience with Python, Java, or React.
• Experience successfully achieving ATO under RMF+. 
• Experience with big data applications. 
• Experience with GitLab, Jira, and Confluence. 
• Experience in Agile environments. 
• Experience with OIDC or OAuth2. 
• Experience with Kubernetes, Rancher, Strimzi, Cloudera, Active Directory, and scripting languages such as Bash, Python, or PowerShell.

Required Education and Experience Equivalency

Required Certifications

• One DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE.

Required Security Clearance

• Active TS/SCI with ability to obtain a CI Polygraph.