Scientific Research Corporation (SRC) is an advanced information technology engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC is searching for a well-rounded Cybersecurity Engineer to test, analyze, evaluate, validate, and verify cybersecurity requirements for North American Aerospace Defense Command (NORAD) and United States Northern Command (USNORTHCOM) systems. These systems consist of an on-premises Nutanix Hyper-Converged Private Cloud utilizing VMware ESXi Hypervisor and associated products, with future migration to Nutanix's native Hypervisor. The Private Cloud hosts NORAD and USNORTHCOM Mission Applications and Web Services including the Situational Awareness Geospatial Enterprise (SAGE) and Air Event Information Sharing Service (A/EISS) applications, as well as the Global Command and Control System-Joint (GCCS-J) Program of Record (PoR) Systems and Information Technology (IT) infrastructure including Red Hat Enterprise Linux (RHEL) servers. Sustainment of NORAD and USNORTHCOM systems will be conducted at the government's facilities in Colorado Springs, CO.
Primary Duties & Responsibilities
- Evaluates information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance
- Conducts Assured Compliance Assessment Solution (ACAS) scans for STIG compliance checks
- Reviews Information Assurance Vulnerability Alerts (IAVA) for applicability and impact to N-NC
- Develops and/or updates the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks
- Analyzes changes affecting the organization's Authorization to Connect (ATC) risk level and cybersecurity posture and report findings
- Ensures that security design & distribution actions are evaluated, validated, and implemented as required
- Ensures that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)
- Evaluates development efforts to ensure that baseline security safeguards are planned for and appropriately installed
- Identifies alternative information security strategies to address organizational security objectives of cyber taskings
- Assists the command ISSM in preparing, distributing, and maintaining plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations and cybersecurity practices
- Reviews and recommends policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies
- Develops, updates, and/or reviews ATO, IATT, ATC documentation to include, but not limited to, Security Plans, Implementation Plans, Test Plans, Test Results (ACAS, STIGs, etc.), POA&M, and Security Assessment Reports (SAR)
- Assesses system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Coordinates with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
Minimum Skills & Requirements
- 1-2 years combined cybersecurity experience holding one or more of the following roles: ISSE, ISSO, and/or Security Control Assessor (SCA)
- 2+ years of experience working with Windows and/or Red Hat Enterprise Linux (RHEL) systems administration
- Bachelors degree (Cybersecurity, Engineering, Computer Science, or related IT fields)
- Active DoD 8570 Level II Certification (e.g. Security+ CE, CCNA Security, etc.)
Desired Skills & Requirements
- Skilled in the use of Enterprise Mission Assurance Support Service (eMASS)
- Knowledgeable with Supply Chain Cyber Risk Management (SCRM)
- Knowledge of cybersecurity principles and DoD requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, zero trust)
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT, THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS, A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL
About Us
Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients.
Scientific Research Corporation offers a competitive salary, an extensive benefits package and a work environment that encourages excellence. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
DIVERSITY & INCLUSION
We strongly believe in the abundance of differences among individuals. We value different points of view and appreciate diverse perspectives. We truly believe this is what makes our organization inclusive and more responsive to the needs of our diverse customers.
EQUAL OPPORTUNITY EMPLOYER
Scientific Research Corporation is an equal opportunity and affirmative action employer that does not discriminate in employment.
All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, or national origin, disability or protected veteran status.
Scientific Research Corporation endeavors to make www.scires.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact srchr@scires.com for assistance. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
[]