Cyber Engineer Principal

Description

Accelerate your career and make a difference for national security in cutting edge Cyber and Space development by helping a team of industry professionals and experts that will architect and build a cloud-based software factory in support of Space Development Agency’s Battle Management Command, Control and Communication (BMC3) Program. The system that you and your team will create will establish the capability to securely and rapidly field mission applications developed by BMC3 ecosystem participants for space vehicle platforms in support of Joint All Domain Command and Control (JADC2) objectives. This position will provide you with exposure to advanced security and automation practices, as well as the opportunity to work with highly skilled engineers and architects. Additionally, you will have the chance to mentor junior developers and leverage your leadership abilities.

SAIC is seeking a Cyber Security Software Integration Engineer to support a fast paced highly innovative SDA project with the development of a cloud-based software factory for the BMC3 program. This position is primarily remote.

Primary responsibilities include:

Key Job Functions:

• Cyber Defense Operator – Supports BMC3 AppFac active cyber defense operations in DOD AWS CloudOne
• Provide engineering analysis, security recommendations for design implementation/operational execution
• Perform computer and/or network security vulnerability assessments to identify, evaluate and mitigate security risks, threats, and vulnerabilities utilizing SD Element
• Develop the Authorization & Assessment (A&A) BoE to meet DoD and Federal directives
• Monitor security audit and intrusion detection system logs for system and network anomalies
• Monitor technical access control methods to ensure the operational integrity of the system and data
• Achieve CtFs or ATOs across multiple government customers with minimal oversight
• Conduct and manage continuous monitoring activities of assigned systems
• Partner with engineers to analyze software, interpret security requirements, and plan effective control implementations
• Provide outstanding customer service, policy expertise, and high-quality documentation
• Serve as the primary in-person point of contact for one or more U.S. Government customers on cybersecurity and compliance requirements and questions
• Perform vulnerability scans of networks to identify security vulnerabilities, provide remediation alternatives, and conduct security risk assessments to ensure compliance with corporate security policies and best practices
• Provide subject matter expertise and analysis to bridge the gap between high-level security requirements and policies and ensure their integration into information technology component products and information systems through purposeful security design or configuration
• Provide security consultation/guidance and engineering to PM product owners, customers, system owners, and developers, and maintain security process coordination within the Department's lifecycle management and governance process

SECONDARY :

• Support the operational requirements to discern technical and administrative cybersecurity requirements and implement those requirements to meet DoD and Federal laws and directive
• Assess operational requirements to discern technical and administrative A&A requirements and develop project plans/schedules
• Independently interpret the findings of vulnerability scanning utilities such as ACAS (Tenable Nessus) and SCAP (STIG benchmark) and manage a Plan of Actions and Milestones (POA&M) for remediation of findings
• Assist customers in identifying security solutions for the company's networks and virtual private networks, application systems, key public infrastructures, authentication, and directory services to ensure the security of the network and confidential data

Qualifications

Education:

• Bachelor’s (9) nine or more experience; master’s and (5) years or more experience with a technical master degree..

Required Skills:

• Knowledge of the DoD Risk Management Framework (RMF) lifecycle (Step 1 – Step 6) for various information systems (single node to large (100+ node) heterogeneous architectures)
• Knowledge of selecting and engineering security controls via NIST SP.800-190
• Knowledge of selecting and engineering National Security System security controls via CNSSI 1253
• Knowledge in assessing the technical and administrative implementation of security controls in accordance with NIST.SP.800-190
• Knowledge of the Enterprise Mission Assurance Support Service (eMASS)
• Knowledge of applying security controls to Unix variants (i.e., Linux, Debian, etc.) ,Microsoft operating systems, Linux operating systems
• Knowledge of networking, software development, scripting languages, software integration, or related skills
• Knowledge of networking protocols and understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, and access-lists
• Knowledge of the DoD Security Technical Implementation Guides (STIGS), Security Requirements Guides (SRG), and industry best practices for various applications
• Certificate to Field (CtF) Policies

Desired Skills:

• Experience with Amazon Web Services (AWS) to include services such as VPC, EC2, IAM, S3, Lambda, CloudWatch

• Experience with Kubernetes and/or other container orchestration tools

• Experience with Platform One or other DoD Software Factories

• Knowledge of the Atlassian Suite (Jira, Jira Service Management, Confluence) including front-end and administrative functions & its plugin structure

• Experience and knowledge of Software Composition Analysis (SCA) tools (e.g., Fortify, SonarQube, Prisma Cloud Compute)

• Experience with Infrastructure as Code (IaC) tools (e.g., Terraform)

• Experience with access management and client account technical support (SSO, Keycloak, Appgate)

Clearance:

• Must be a U.S Citizen. with an active Secret clearance

Certifications:

• Possess a DoD 8570 IAT Level II Certification (e.g., Security+) or the ability to obtain the certification within 60 days

Target salary range: $160,001 - $200,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.