Security Engineer III

Responsibilities

OBXtek is recruiting for a Security Engineer III to work on the PEO-T contract for USTRANSCOM.

The tasks for this person will be, but not limited to, the following:

• Reviews evolving NIST requirements to support risk assessment activities associated with the affiliated system requirements and specifications.

• Prepares detailed specifications from which cybersecurity deficiencies identified during risk assessment will be mitigated/remediated and conducts follow-up risk assessment to ensure proper secure coding practices are being built-in/enforced to the greatest extent possible. Collaborates closely with government customers to develop appropriate POA&Ms and support risk acceptance activities as needed to support risk management processes.

• Mentors and Monitors Junior ISSEs.

• Peer Reviews Fellow Team Member's Deliverables

• Responsible for Quality Assurance (QA) review.

• Responsible for project completion and user satisfaction.

• On-site 2-3 days and as needed for SIPR/ATO Functions/Packages*

Qualifications

Active Secret Clearance

4+ years' relevant experience in the following:

• Experience developing and/or reviewing system authorization documentation in accordance with DoD implementation of the Risk Management Framework (RMF)

• Experience participating in Technical Interchange Meetings on a wide range of PMO security engineering topics

• Experience participating in Acquisition program Engineering Milestone Reviews

• Experience coordinating with Development Contractor Security/System Engineers and USTRANSCOM/DISA Security Office to resolve program security issues

• Possess skills to conduct Technical Reviews of Development Contractor produced security deliverables

• Experience performing security activities to maintain authorization of the PMO programs

• Experience using DOD Enterprise Mission Assurance Support Service (eMASS) system

• Experience providing support to ensure PMO systems are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOD regulations, USTRANSCOM requirements, and commercial best practice

• Experience reviewing vulnerability scans using ACAS, Nessus, and Fortify SCA, analyze outputs to identify vulnerabilities, and recommend mitigation and remediation actions

• Experience supporting the Customer through critical review of documented DISA STIG/SRGs and ingesting them in the government-supplied tools to support risk assessment of the NIST controls.

• Experience writing and tracking POA&Ms

• Experience conducting and evaluating security testing activities including security assessments, audits, and penetration testing

• Experience supporting operational security activities (e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections)

• Experience with security lockdown and/or hardening of servers and network devices

• Ability to coordinate overall security strategy with multiple agencies, Authorizing Official (AO) representatives

• Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues

• Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements

Required Education/Certification

• Active IAM II Certification in Good Standing (e.g., CGRC, formerly CAP, CASP+CE, CISM, CISSP (or associate), GSLC, CCISO)
• Bachelor's in Computer Science or Cybersecurity or equivalent

Security Clearance

Secret

Company Information

Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People…Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.

We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.

As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.

OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.