AlexandriaRecruiter Since 2001
the smart solution for Alexandria jobs

Sr. Cybersecurity Engineer

Company: Sedulous Consulting Services LLC
Location: Quantico
Posted on: March 20, 2023

Job Description:

Sedulous is a cybersecurity consulting firm helping companies identify and comply with cybersecurity requirements. We strive to leave customers confident in their ability to manage the program once instituted. Our passion is to develop manageable cybersecurity programs for companies who understand the vital role that cybersecurity plays, and the direct correlation it has to a successful stakeholder and to risk management. We provide customized cybersecurity program policies, processes and procedures with a focus on automation and reducing your IT footprint.
We are currently hiring for a Senior Cybersecurity Engineer to join our team in Quantico, VA.
Duties/Responsibilities:


  • Perform security testing and security control assessments on commercial, federal, and DOD systems to ensure compliance with the NIST SP 800-53 Rev. 5 and other requirements.
  • Conduct security, compliance, and vulnerability audits utilizing the latest scanning tools.
  • Conduct security control assessments against implemented system security mechanisms.
  • Technically perform "type" and "site" assessments of security configurations and implementation.
  • Interface with managers, administrators, engineers, and analysts to perform the security assessment activities.
  • Support security control assessments based on NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-37 Rev. 2.
  • Analyze results from scanning tools such as Nessus, Fortify, Eclypsium, and SonarQube.
  • Develop Security Assessment Plans (SAPs), Security Assessment Reports (SARs), Residual Risk Reports (RRRs), System Security Plans (SSPs), and Plan of Action and Milestones (POA&M) Reports.

Minimum Qualifications:

  • Must be SSBI eligible and be able to obtain and maintain a Secret Clearance.
  • Bachelor of Science degree in Information Technology, IT Security, Network Systems Technology or related field or equivalent experience plus five (5) to seven (7) years of directly related experience or any equivalent combination of education, experience, training, and certifications.
  • 5+ years conducting security control assessments based on NIST SP 800-53 Rev. 5, NIST SP 800-53A Rev. 5, and NIST SP 800-37 Rev. 2.
  • Understanding of NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF).
  • Prior experience working with a wide variety of technologies; well versed in the current state of Information Security and able to interpret the requirements of relevant governing bodies (ISO, NIST, OMB, DoD, etc.).
  • Experience performing full scope Risk Management processes for a federal client, to include Assessment & Authorization (A&A), FISMA Self Assessments, Technical Assessments (vulnerability analysis, penetration testing), and Risk Assessments.
  • Experience using Certification and Accreditation (C&A) tools such as XACTA, RSA Archer, and eMASS.
  • Experience using vulnerability and security testing tools and reviewing the results from tools such as Nessus, Fortify, Eclypsium, and SonarQube.
  • Experience conducting analysis of vulnerability and compliance scan results.
  • Experience implementing and auditing against security configuration checklists (e.g., DISA STIGs, CIS Benchmarks, USGCB).
  • Robust understanding of NIST Special Publications (e.g., 800-53, 800-37, 800-171).
  • Strong documentation and communication (written and verbal) skills.
  • Knowledge and understanding of FedRAMP, CMMC, and DFARS.

Preferred Qualifications:

  • Bachelor's degree (Information Technology or cybersecurity-related field preferred but not required).
  • CISSP, CAP, CISA, CISM, or Security+ certification.
  • 7+ years of professional experience in a cybersecurity-related area.
  • Experience configuring and conducting technical assessments using tools such as Nessus, Fortify, Eclypsium, and SonarQube.
  • Understanding of/experience implementing DISA STIGs and CIS security mechanisms.
  • Self-motivated and able to work in an independent manner.
  • Experience conducting FedRAMP CSP security documentation analysis.

Company EEO Statement: Sedulous Consulting Services is an equal opportunity employer and Vietnam Era Veterans Readjustment Assistance Act (VEVRAA) federal contractor. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, protected veteran status, status as a qualified individual with a disability, or any other category protected by law. Sedulous hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
