Senior Cybersecurity Engineer

Summary

Join VetsEZ as a remote Cybersecurity Engineer and contribute your expertise to safeguarding the Department of Veterans Affairs' (VA) systems. You will implement cybersecurity policies, assess risks, support Authority to Operate (ATO) activities within the NIST Risk Management Framework (RMF), and provide expert guidance on information system security. This role demands meticulous documentation, collaboration with various teams, and translating security concepts into practical recommendations. The position requires a strong background in cybersecurity, specific certifications, and experience within a large government agency. VetsEZ offers a competitive benefits package including medical, dental, vision, 401k matching, PTO, and remote work opportunities.

Requirements

• Bachelor or Master in Cybersecurity, Computer Science, Information Systems, Information Assurance, Information Security, Information Resource Management, or related fields
• Must have - ISC2 CISSP (International Information System Security Certification Consortium - Certified Information Systems Security Professional) Certification
• Must have one or more of the following: IAT II, IAM II or IASAE II certifications: ISC2 CISSP, ISC2 CAP, ISC2 SSCP, ISC2 CCSP, ISC2 ISSEP, ISACA CISM, ISACA CISA, EC-COUNCIL CEH, CompTIA Security+, CompTIA Network+, CompTIA SecurityX, CompTIA Linux+
• Minimum Experience: 5 years of Information Security Experience of which at least 3 years are of Cybersecurity and Cloud Security experience at a large Government agency similar in size/scope to GSA, IRS, DoD or VA
• Lead and coordinate security and privacy activities within project teams, developing relevant artifacts and documenting cybersecurity requirements using the Risk Management Framework
• Perform security analyses to identify gaps, conduct impact assessments, implement compensating controls, and evaluate residual risks through system risk assessments and security impact analyses
• Conduct security compliance evaluations on IT products, assess operating system and security configurations, and ensure alignment with NIST SP 800-53 Security Controls
• Assess operating system and security configuration guidelines into images for IT products initialization and deployment within the infrastructure SCAP-SCCD-BigFix
• Experience working in the FedRAMP cloud environment, understanding IaaS, PaaS, and SaaS regarding cloud service provider (CSP) security control responsibilities and customer responsibilities
• Communicate and collaborate with internal and external customers regarding hardware and software configuration changes that may impact system security or violate policies
• Apply security principles, policies, and regulations in daily tasks, along with performing additional responsibilities as assigned

Responsibilities

• Expert communication and consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO), using Risk Management Framework (RMF)
• Experience in the creation of Security-Specific documentation such as Incident Response, Contingency Planning, and Disaster Recovery processes
• Familiarity with the security controls outlined by the National Institute of Standards and Technology (NIST), as well as the Governance, Risk Management Framework (RMF), and security compliance procedures (GRC)
• Skilled in providing support for system Authority to Operate (ATO) processes, including the creation of artifacts, implementation of controls, and development of Plan of Action & Milestones (POAM)
• Capable of facilitating meetings, conducting a thorough analysis of authorization documents and associated artifacts to identify any gaps, establishing a schedule to address outstanding authorization requirements, and effectively coordinating with stakeholders within the system team
• Proficient in utilizing the Enterprise Mission Assurance Support Service (eMASS) tool to manage intricate system records
• Experience in IT and Cloud design, security, development, systems engineering, and implementation efforts
• Utilize security evaluation tools such as Tenable Nessus, Nmap, SCAP, and Wireshark to conduct analyses and identify potential vulnerabilities
• Prepare and present comprehensive security briefings, reports, and summaries, while effectively collaborating with internal and external stakeholders on system configuration changes and their impact on security policies
• Take on additional tasks and responsibilities as needed to support team objectives and ensure the success of the project

Preferred Qualifications

• Excellent analytical skills and the ability to solve complex technical problems
• Strong communication skills, both written and verbal, to effectively interact with team members and stakeholders
• Experience with SAFe/Agile
• Ability to obtain a government clearance

Benefits

• Medical/Dental/Vision
• 401k with Employer Match
• PTO + Federal Holidays
• Corporate Laptop
• Training opportunities
• Remote Opportunity