Responsibilities
- Incorporate cybersecurity requirements into system architecture, design documents, interface specifications, and technical records across all phases of the system lifecycle.
- Design, deploy, and verify security controls aligned with NIST RMF, NIST SP 800-53, CNSSI 1253, Department of Defense directives, and internal cybersecurity policies.
- Conduct technical security evaluations such as architecture reviews, vulnerability scans, threat modeling, risk assessments, attack surface analysis, and mitigation strategy development.
- Engage in system design reviews, engineering meetings, technical discussions, and configuration management to embed cybersecurity requirements early in development.
- Create and update cybersecurity documentation, including System Security Plan content, control implementation details, security architecture visuals, data and network diagrams, interface specs, and engineering analyses.
- Assist in producing Security Assessment Plans, Security Assessment Reports, Plans of Action and Milestones, continuous monitoring records, and other artifacts for system authorization.
- Detect cybersecurity deficiencies, architectural flaws, and technical risks, and formulate effective engineering solutions to strengthen security posture.
- Work with systems engineers, software developers, network specialists, cloud engineers, system administrators, and mission stakeholders to define and enforce secure configuration baselines.
- Assess proposed changes to systems, software releases, new technologies, and architectural updates for cybersecurity impact and re-accreditation needs.
- Support vulnerability management by analyzing scan outputs, prioritizing findings, planning remediation, and verifying fixes.
- Take part in integration, testing, verification, validation, and accreditation efforts to confirm security controls operate as designed.
- Support continuous monitoring by evaluating control performance, tracking security status, and suggesting enhancements to sustain compliance.
- Ensure secure integration of Commercial Off-the-Shelf, Government Off-the-Shelf, open-source, cloud-based, and custom-built technologies.
- Deliver technical cybersecurity guidance to engineering teams on secure design principles, layered defenses, Zero Trust frameworks, and industry best practices.
- Produce technical reports, engineering recommendations, risk analyses, and executive summaries for leadership and government decision-makers.
Compensation
Not specified
Work Arrangement
Not specified
Team
Not specified
Not specified