Posted 2w ago

Cyber Security Engineer 3

@ Base-2 Solutions
Bethesda, Maryland, United States
Onsite, Full Time
Responsibilities: Designing secure, Integrating RMF, Maintaining SSPs
Requirements Summary: Active TS/SCI with CI Poly; DoD 8570.01-M IASAE Level II cert; Bachelor's + 6 yrs experience; strong DoD RMF, NIST, and secure development skills.
Technical Tools Mentioned: NIST SP 800-53, DoDI 8510.01, RMF+, STIGs, SCAP, STIG Viewer, ACAS, OWASP, Fortify, SonarQube, Tenable, XACTA, eMASS, Kubernetes, Rancher, Strimzi, Cloudera, Active Directory, Bash, Python, PowerShell, GitLab, Jira, Confluence, OIDC, OAuth2
Job Description

Position Summary

Support multiple task orders under the DOMEX Technology Platform contract supporting NMEC by designing, developing, and implementing secure systems in on-premises infrastructure and integrating security across the system lifecycle.

Essential Duties and Responsibilities

  • Support the secure architecture, design, and implementation of DoD systems in accordance with DoDI 8510.01, NIST SP 800-53, and other DoD security guidance. 
  • Lead integration of RMF activities into the SDLC, including selection, implementation, and validation of security controls. 
  • Develop and maintain SSPs, SARs, risk assessments, and POA&Ms. 
  • Apply STIGs and validate compliance using SCAP, STIG Viewer, and ACAS. 
  • Maintain scanning infrastructure and analyze vulnerabilities for mitigation or risk acceptance. 
  • Support system authorization, incident response, forensics analysis, and security automation efforts.

Required Qualifications

  • Active TS/SCI with ability to obtain a CI Polygraph.
  • Bachelor's degree with a minimum of six years of experience in the category field. Three additional years of experience may be substituted for the bachelor's degree.
  • At least one DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE. 
  • Developer experience preferred in at least one scripting or programming language. 
  • Experience reviewing cybersecurity vulnerabilities for risk and relevance and building mitigation/remediation plans across systems, network, application, and database vulnerabilities. 
  • Ability to architect, design, troubleshoot, maintain, and deploy vulnerability scanning solutions such as OWASP, Fortify, SonarQube, and Tenable. 
  • Experience with XACTA, eMASS, or similar tools. 
  • Strong understanding of Microsoft Windows and Linux/UNIX operating systems. 
  • Experience with middleware/web technologies, databases, TCP/IP networking, and CI/CD platforms. 
  • Familiarity with NIST 800-171, 800-172, NIST SSDF, CMMC, and CNSSI 1253. 
  • Experience supporting DoD/IC systems through the RMF+ process.

Preferred Qualifications

  • Software development experience with Python, Java, or React.
  • Experience successfully achieving ATO under RMF+. 
  • Experience with big data applications. 
  • Experience with GitLab, Jira, and Confluence. 
  • Experience in Agile environments. 
  • Experience with OIDC or OAuth2. 
  • Experience with Kubernetes, Rancher, Strimzi, Cloudera, Active Directory, and scripting languages such as Bash, Python, or PowerShell.

Required Education and Experience Equivalency

Education | Years of Experience
High School Diploma/GED | 9
Associate's Degree | 9
Bachelor's Degree | 6
Master's Degree | 6
PhD | 6

Required Certifications

  • One DoD 8570.01-M IASAE Level II certification: CISSP, CISSP-ISSAP, CISSP-ISSEP, CSSLP, or CASP+ CE.

Required Security Clearance

  • Active TS/SCI with ability to obtain a CI Polygraph.