Cybersecurity Engineer

Defense Unicorns

💵 $147k-$219k
📍Remote - United States

Summary

Join Defense Unicorns as a cybersecurity SME, leading the Risk Management Framework (RMF) process for platform accreditation. You will champion modern security implementations within DoD environments, accelerating the Authority to Operate (ATO) process while improving security posture. Collaborate with cross-functional teams, conduct risk assessments, and perform security testing. Maintain accreditation documentation and stay updated on cybersecurity threats and regulations. This role requires expertise in NIST-800 series standards and DoD accreditation. The salary range is $147,175 - $190,000 (Mid-level) or $180,000 - $219,000 (Senior-level), depending on qualifications and interview performance. The position is remote and requires U.S. citizenship.

Requirements

  • U.S. Citizenship
  • Proven experience in cybersecurity engineering, with a focus on achieving accreditation for software systems within the DoD environment
  • In-depth knowledge of NIST-800 series standards, particularly NIST-800-53, and experience applying these standards to achieve accreditation
  • Strong understanding of cybersecurity principles, technologies, and best practices, including encryption, authentication, access control, and secure coding practices
  • Hands-on experience with security assessment tools and techniques, such as vulnerability scanning and security analysis
  • Excellent analytical and problem-solving skills, with the ability to assess complex systems and identify security risks
  • Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders
  • Eligibility to obtain and maintain a DoD security clearance
  • Eligibility to obtain and maintain privileged access in a Government Cloud Environment (relevant training and/or certifications)

Responsibilities

  • Lead and pathfind the effort to achieve accreditation in accordance with NIST-800 series requirements
  • Develop and implement cybersecurity policies, procedures, and controls necessary to meet DoD accreditation standards
  • Conduct comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks
  • Collaborate with cross-functional teams including software developers, system architects, and other Government stakeholders to integrate cybersecurity measures into the software development lifecycle
  • Perform security testing and evaluation of our software platform to identify vulnerabilities and weaknesses (STIGs, ACAS, CI/CD security testing, etc.)
  • Provide guidance and support to ensure continuous monitoring and maintenance of cybersecurity controls
  • Prepare and maintain documentation required for the accreditation process, including System Security Plans (SSPs), Security Assessment Reports (SARs), and other relevant artifacts
  • Stay up-to-date with evolving cybersecurity threats, technologies, and regulations to proactively address security challenges and compliance requirements
  • Serve as a subject matter expert on cybersecurity best practices, standards, and procedures within the organization
  • Support automated Compliance-as-Code capabilities that continuously evaluate the cybersecurity posture of the tech stack

Preferred Qualifications

  • Proven track record of thinking outside the box and pushing the boundaries of the RMF/ATO status quo
  • Skilled at translating technical implementation (infrastructure as code and configuration as code) into verifiable eMASS security control responses that Approving Officials (AOs), and their staffs, can understand
  • Familiarity with software development methodologies and practices, particularly Agile and DevSecOps
  • Experience building and supporting continuous authority to operate (cATO) packages within the DoD
  • Experience with Open Security Controls Assessment Language (OSCAL)
  • Ability to use OSCAL to manage control implementation and statements as “compliance as code”
  • Understand how products and deployments affect the OSCAL lifecycle from upstream to operations
  • Familiarity with Department of the Air Force (DAF) security approval processes to include AFI 17-101
  • Familiarity with DAF Gov Cloud offerings and inherited controls in Gov Cloud environments
  • Familiarity with the Cloud Computing Security Requirements Guide (CC SRG)
  • Experience working in a remote team or asynchronous work environment, where focus, discipline, and comfort navigating and leveraging various communication forms and frequencies are needed to disseminate and prioritize information and keep stakeholders informed

Benefits

  • Medical/Dental/Vision
  • Premiums are 100% Company Paid
  • Health Reimbursement Account
  • Life Insurance
  • Disability Insurance
  • 401k Retirement Plan
  • Company Stock Options
  • Home Office Budget
  • Unlimited paid time off, with a mandatory 10 days off on top of 11 federal government holidays, week of Thanksgiving, last two weeks of December (including New Year’s Day)
  • Paid Parental Leave
  • Reimbursement for approved trainings/subscriptions
  • Conferences (travel, lodging, and fees)
