Sr. Cybersecurity Engineer
Current•Performed data-gathering techniques (e.g. questionnaires, interviews, and document reviews) in preparation for assembling C&A/A&A packages and ATO•Selected baseline security controls and applied tailoring guidance and supplemental controls as needed based on risk assessments.•Assist with the preparation and maintenance of documentation.•Evaluate security solutions to ensure they meet security requirements for processing classified information.•Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.•Responsible for the Assessment and Authorization (A&A) documentation (FIPS 199, E-Authentication Worksheet, Security Assessment Plan (SAP), System Security Plan (SSP), POA&M, Risk Assessment, and Assessment of Key Controls for assigned systems.•Develop and maintain documentation for C&A by DoD policies.•Develop and update the system security plan and other IA documentation.•Provide security-relevant information system software, hardware, and firmware.•Develop system security policy and ensure compliance.•Ensure quarterly vulnerability scans are performed, ensure the appropriate personnel are notified of open findings, and that remediation or mitigation is performed.•Develop and manage POA&Ms for any remaining open findings and ensure they accurately speak to vulnerabilities and outline accurate measures for mitigation. •Work closely with the Information Security Officer (ISO) to develop and execute security initiatives and risk management.•Conduct security risk assessments and provide recommendations to management to improve the security of the systems/network.•Administer the user identification and authentication mechanism of the Information System (IS).•Conduct validations and evaluate cybersecurity packages.•Experience applying risk assessment methodology to system development.