Job description
Position Title: Sr-Level Cybersecurity Engineer (RMF/STIG/ATO)
General Position Description:
XSITE LLC is seeking a Senior-level Cyber Engineer to provide digital engineering, integration, and testing support services in support of a U.S. Navy effort. This role will work directly with the Program Manager to lead an internal engineering team and an external team of software vendors through the government’s cyber security accreditation process to ultimately achieve an Authority to Operate (ATO) on an in-development system. This is a Full Time (Regular) Exempt (Salary) position located in Royersford, PA 19468. A qualified candidate will be willing and able to work on-site at the Navy Shipyard in Philadelphia as needed.
Job Description:
In this capacity, the successful candidate will be required to:
- Directly interface with the customer, prime contractor, and Authorizing Official’s (AO’s) representative
- Coordinate with the PM/Lead Systems Engineer to lead a small RMF/Cyber team through the self-assessment of controls
- Develop and submit a System Categorization (SysCat) with multidisciplinary engineering support
- Identify required STIGs and advance the system certification path based upon the project requirements
- Prepare and submit a self-evaluation of controls via Enterprise Mission Assurance Support Service (eMASS)
- Assist the development team with a detailed ASD STIG review of the software solution
- Support the Authority to Operate (ATO) process for the desired production environment via the Risk Management Framework (RMF)
- Work closely with system designers/vendors to document the as-designed/as-built system
- Support architecture design for cloud environment setup (IL4/5, and IL6)
- Conduct cyber activities relating to the migration of the commercial software solution to DoD networks
- Conduct security assessments and vulnerability scans in a test environment
- Prepare a list of open vulnerabilities for the developer team to address
- Prepare a certification package including ASD STIG assessment & documentation, vulnerability/scan assessments
- Conduct quarterly (or more frequent) software security reviews, aid with update deployments as necessary
Basic Qualifications:
- Bachelor’s or higher degree in Computer Science, Cybersecurity, Information Assurance, or similar engineering or science degree
- Security+
- 8-10 years of overall related experience:
- Cybersecurity or Information Assurance
- Direct experience working on STIG compliance, especially the ASD STIG
- Execution of the RMF and the ATO Process
- IT management / system administration experience, preferably with Government networks or information systems
- Execution of DevSecOps procedures
Desired Certifications, Skills, & Experience:
- Must have excellent written and verbal communication skills; ability to manage external vendors; and experience working with an AO’s representative
- Experience with full-cycle DoD RMF processes (specifically, NAVSEA)
- Experience creating RMF artifacts in Navy format that are required for Interim Authority to Test (IATT) and Authority to Operate requests (including but not limited to system security plan, architecture diagrams, network diagrams, HW/SW lists, PPSM, STIG compliance lists and checklists, ACAS scans, and POA&M)
- Experience working full scope of RMF security controls based on the NIST SP800-53 standard
- Working knowledge of STIG compliance scanning and ACAS/NESS vulnerability scanning
- Preferred previous experience as an Information System Security Manager (ISSM) and/or Information System Security Officer (ISSO)
- CSWF IAT Level 2 or higher (i.e. Security+ and OS specific training)
- CSWF IAM Level 2 or higher (i.e. Cloud+ certificate)
- Familiarity with PlatformOne and OpenSCAP
- Experience with Java, C#, and/or Python
- Applied knowledge of NIST SP 800-53
- Experience conducting code reviews
- Government cloud development environment experience
- Conducting vulnerability scanning assessments (i.e. ACAS, SCAP, OWASP)
- Penetration testing
- Software development process (including promotion) within Gov’t networks
Clearance Requirements:
- Active U.S. Secret Clearance preferred, not required
- And/or be eligible for a Secret Clearance with a successful background investigation completed.
Location: Philadelphia, PA / Royersford, PA
Telework: On-site (Royersford); occasionally On-site (Navy Yard)
Travel Anticipated: 10% or less
Timing: XSITE anticipates a start date of: April 1st, 2022
XSITE LLC, a Service-Disabled Veteran-Owned Small Business, provides full spectrum systems and systems-of-systems engineering and integration services and solutions for space, C4ISR, cyber and enterprise information systems. We strive to deliver expert-level systems engineering and technology integration services at affordable rates so mission, capability and user success are the #1 priority.
XSITE is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Job Type: Full-time
Work authorization: United States (Required)