Job Description
Job Description
Position Overview
We are seeking a Cyber Security Engineer to provide hands‑on cyber expertise across compliance, vulnerability management, incident response, and secure systems engineering. The role supports complex networks and systems (including multi‑classification environments), integrates cybersecurity into IT/communications platforms, and guides cross‑functional technical teams. This position is 100% onsite in Washington, DC and requires eligibility for a Public Trust.
Key Responsibilities
Cyber Engineering & Analysis
- Conduct and review technical cybersecurity assessments.
- Identify vulnerabilities and non‑compliance with cybersecurity standards; recommend mitigations.
- Perform research, design evaluation, technical development, and system integration planning.
Security Operations & Monitoring
- Perform and maintain vulnerability scans; produce clear reports and metrics.
- Track and report IAVM (Information Assurance Vulnerability Management) compliance.
- Maintain a curated library of security audit tools and procedures for testing, internal audits, incident response, and diagnosis.
Risk Management & Authorization
- Maintain Authorization to Operate (ATO) records and supporting artifacts.
- Manage and report POA& M (Plan of Action & Milestones) compliance.
- Review C& A (Certification & Accreditation) documentation for completeness and compliance.
Architecture, Integration & Leadership
- Integrate cybersecurity requirements with IT and communications systems.
- Guide/coordinate activities of penetration testers, incident handlers, cyber analysts, and product support teams.
- Lead or contribute to complex cyber, engineering, and architecture tasks; mentor technical staff as needed.
Required Education & Experience
Meet one of the following pathways:
- Bachelor’s degree + 12 years of related experience; or
- Master’s degree + 10 years of related experience; or
- Ph.D. + 7 years of related experience; or
- 15 years of related experience with no degree.
Minimum Qualifications
Experience in:
- Cybersecurity assessments, incident response, and threat/risk/vulnerability analysis.
- Supporting complex networks/systems (including differing classification levels).
- Applying the Risk Management Framework (RMF).
- Strong written and verbal communication skills; ability to brief technical/non‑technical stakeholders.
- At least one active security certification, such as: Security+ CE, CySA+, CCNA Security, SSCP, CISSP (or Associate).
Preferred Qualifications
- Familiarity with cloud technologies (e.g., AWS, Azure, GCP) and cloud security controls.
- Prior leadership of cross‑functional cyber initiatives and/or supervision of technical staff.
- Experience coordinating with governance, risk, and compliance teams and implementing control frameworks.