• Location: Reston, Virginia
  • Type: Contract
  • Job #2836

Title: Cyber Security Engineer
Location: Reston, VA
*Clearance: *Active TS/SCI w/ Polygraph needed to apply *
Company Overview:
Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government.  Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission.  Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation’s toughest and most secure problems.  If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don’t look any further than Cornerstone Defense.
 

The Sponsor is seeking support in the domain of Endpoint Security Engineering. The focus is primarily on working in a mission technology area, which uses multiple IT systems and networks that operate in both the secure and unsecure environments. The unsecure cloud networks are primarily within Amazon Web Services (AWS) and Microsoft Azure. The Sponsor is transforming its networks, systems, and applications processes to build a secure and trusted computing environment while providing the capabilities for secure information sharing across the enterprise. The Cyber Security Engineer will provide risk mitigation recommendations for systems and applications and provide support on information security policies, regulations, and technical implementations regarding facets of cyber operations, and the Sponsor’s Accreditation and Authorization (A&A) process. They will provide support to projects teams overviewing the Sponsor’s A&A platform and streamline communications/processes between projects, ISSMs, and Sponsor Cyber Security teams. The Cyber Security Engineer will shepherd an educational initiative for system evaluation against NIST 800-53, Risk Management Framework (RMF), DISA STIGS, Zero Trust M-22-09, FedRAMP and other security standards and publications, as well as the Sponsor’s internal security regulations; orchestrate the acceleration of control selection, and acceptance for project teams and system owners towards Approval to Operate (ATO); and actively participate in or shepherd technical exchange meetings and application review boards, to verify and validate systems security controls, and provide guidance with respect to after action items/requirements. They will also provide routine briefing on system status and mitigations activities as required by the Sponsor. 
 

1. (Mandatory) Demonstrated experience with A&A processes and procedures.
2. (Mandatory) Demonstrated experience providing vulnerability guidance as it pertains to analysis results and mitigation plans for addressing security problems.
3. (Mandatory) Demonstrated experience providing risk mitigation for systems, and application in the cloud environment.
4. (Mandatory) Demonstrated experience reviewing reports generated by Nexpose, AppDetective, RunZero, and WebInspect.
5. (Desired) Demonstrated experience leading A&A teams, security initiatives, and executive level briefings.
6. (Desired) Demonstrated experience leading Technical Exchange Meetings regarding A&A and project status updates.
7. (Desired) Demonstrated experience providing guidance and writing Standard Operating Procedures for project teams which expedites the A&A Process.
8. (Desired) Demonstrated experience recommending continuous process improvement on A&A processes within the Sponsor’s environment.

 

Attach a resume file. Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

We are uploading your application. It may take a few moments to read your resume. Please wait!