Job Brief
A&A; RMF
Job Description
We're searching for talented individuals who provide engineering services for network infrastructure as well as sophisticated enterprise computing infrastructure including end-point devices, data center hosted servers, multi-Cloud services as well as virtualized applications, and storage systems. This program will maximize the effectiveness and efficiency of our country's most important missions both at home and abroad. If you are ready to support a high-performing team that truly makes a difference, then come join us!
Job Description:
We are looking for a Cyber Security Systems Engineer to join our technology-based program supporting a key government customer. The Cyber Security Systems Engineer assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. As a Cyber Security Systems Engineer, you will play a crucial role in enhancing our security infrastructure and ensuring a secure network.
Job Description:
We are looking for an Information Systems Security Engineer (ISSE) to join our technology-based program supporting a key government customer. The ISSE assesses and mitigates system security threats/risks throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. As an Information Systems Security Engineer (ISSE), you will play a crucial role in enhancing our security infrastructure and ensuring a secure network.
The Cyber Security Systems Engineer shall possess the following capabilities:
- Minimum of Sixteen (16) years' experience supporting the customer's A&A projects.
- Possess multi-tasking skills, as well as be a good communicator/facilitator. Comfortable at all levels from developer to senior staff.
- Knowledge of the complex network environments involving shared networks and multiple security enclaves.
- Possess the ability to bridge the technical implementation (i.e., developer talk) into commonly understood security words. Often this is a skillset and is not an actual language, but frequently translation or a basic understanding needs to be conveyed by the ISSE when speaking with others or in writing the documentation in order to ensure it's easy to understand.
- Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
- Document and obtain a general understanding of the architecture being developed or that was developed for each project to write the Systems Security Plans (SSP)/CONOPS in the Xacta application.
- Gather the information by working with various team members to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP's), etc.
- Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA)
- Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e., evidence gathering from the teams)
- Coordinating with various contractor and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer's A&A process to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
- Keep track of where each of the various A&A projects is within the customer's A&A process to know when it's time to re-submit for accreditation or an accreditation extension.
Additional Requirements:
- Previous ISSE experience directly supporting the customer.
- Previous ISSO experience directly supporting the customer is also helpful.
- Various security tools and reports such as Xacta, RoadRunner, Rapid 7, WebInspect, App Detective, and Splunk
- Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.)
- Virtualization experience (VDI & VMWare)
- Basic knowledge is helpful, but not required for the following general topics: Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security Development and Operations (SecDevOps)
- CISSP, or GSLC
- AWS Certified Security Specialty
- Basic Excel and Microsoft Office365
Qualifications:
- A Bachelor's or Master's degree in one or more technical disciplines is preferred, but can be waived for candidates with previous direct ISSE support to this customer's agency.
- Three (3) years of experience can be considered in lieu of a degree for a total of six (6) years of experience.
Position requires active Security Clearance with appropriate Polygraph
shall possess the following capabilities:
- Minimum of Three (3) years' experience supporting the customer's A&A projects.
- Possess multi-tasking skills, as well as be a good communicator/facilitator. Comfortable at all levels from developer to senior staff.
- Knowledge of the complex network environments involving shared networks and multiple security enclaves.
- Possess the ability to bridge the technical implementation (i.e., developer talk) into commonly understood security words. Often this is a skillset and is not an actual language, but frequently translation or a basic understanding needs to be conveyed by the ISSE when speaking with others or in writing the documentation in order to ensure it's easy to understand.
- Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
- Document and obtain a general understanding of the architecture being developed or that was developed for each project to write the Systems Security Plans (SSP)/CONOPS in the Xacta application.
- Gather the information by working with various team members to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP's), etc.
- Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA)
- Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.e., evidence gathering from the teams)
- Coordinating with various contractor and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer's A&A process to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
- Keep track of where each of the various A&A projects is within the customer's A&A process to know when it's time to re-submit for accreditation or an accreditation extension.
Qualifications:
- A Bachelor's or Master's degree in one or more technical disciplines is preferred, but can be waived for candidates with previous direct ISSE support to this customer's agency.
- Nineteen (19) years of experience can be considered in lieu of a degree.
Position requires active Security Clearance with appropriate Polygraph
Pay Range:
The RealmOne pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package. These considerations include, but are not limited to, the extent and intricacy of the role's responsibilities, the candidate's educational background, their work experience, and the specific competencies crucial for success in the role.
RealmOne Benefits:
- Healthcare Coverage + Insurance: Medical: Three (3) rich healthcare options through CareFirst with 100% or majority company-paid premiums. Tax-advantaged health savings account available with generous employer contribution. Dental + Vision: 100% employer-paid for employees and family with buy-up option available.
- Retirement + Savings: 401K - 10% TOTAL CONTRIBUTION - 5% safe harbor (immediate vest) - 5% annual profit share (vesting req'd).
- Paid Time Off + More: 4 weeks starting PTO - 11 federal holidays + 2 floating holidays - Paid hours for company-required training.
- Career Growth + Development: Access to FREE 24/7 learning via Udemy - Opportunities to participate in tech councils, industry initiatives, etc. - $7,500 annual Educational & Professional Development Assistance.
- MORE BENEFITS...FOR EVERY LIFESTYLE! - Paid parental leave - Adoption assistance - Annual swag drops - Flexible work schedules - Generous referral bonus program - Employee appreciation + family-friendly corporate events ...and much more.
ABOUT US
- RealmOne is a mid-sized science and technology company dedicated to solving our customers' toughest mission challenges.
- Headquartered in Columbia, MD, RealmOne supplies advanced cybersecurity, data science and software engineering services and products to customers in the Government and commercial sectors.
- RealmOne delivers encompassing mission assurance and critical systems support to government customers across various U.S. locations to include Colorado, Georgia, Hawaii, Texas, Utah, and Virginia.
- RealmOne has won numerous awards, to include Top Workplaces by the Baltimore Sun. Across more than 20 prime contracts, RealmOne is a premier innovator for the Government and Department of Defense, and our team is located across the United States.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.