Cyber Security Engineer

• Assess organization-wide security and privacy risk and update assessment results on an ongoing basis
• Perform system analysis and develop system test for cyber threats, cyber test activities, and the cybersecurity of large-scale events
• Support and facilitate various ATO/IATT packages including processing IAVMs and CTOs for the same
• Perform cyber risk assessments and develop risk mitigation plans (i.e., POA&Ms, SCRM, etc.) using a variety of tools
• Perform software assurance tasks, including but not limited to software assurance risk reports
• Ensure product security engineering development lifecycle is followed, with an emphasis on clear requirements development/verification
• Perform criticality analysis to include the ability to work with suppliers, identify critical components, and integrating them into the overall system
• Support proposal development efforts, including but not limited to: BOE generation, GR&A development, trade study analysis
• Support the engineering installation & analysis of patches and various system updates and upgrades to determine system consequence of these changes
• Attend, collect data from, out brief, and facilitate collaboration and project management from various program boards
• Applying Security Technical Implementation Guides (STIGs)
• Managing and addressing any Cyber Tasking Orders (CTOs) related to the Cyber Tools
• Documentation and verification of all installation and configuration steps for the labs and operations deliveries
• Providing feedback to Cyber Leadership and engineers to improve the cybersecurity tools and processes
• Collaborating with local Information System Security Officers (ISSOs) to ensure compliance with relevant cybersecurity standards and regulations
• Support cyber threat intelligence activities
• Support the development and maintenance of cyber scanning, patching, remediation, tools and applications
• Support, as required, TEMPEST, DFARS, COMSEC, CNSSI, and other compliance drivers as needed
• Perform and/or support the development of tools for cyber forensics
• Develop, define efficiencies and improvements to tools to improve team productivity
• Perform system analysis trade studies to define technical concepts and solutions

• Bachelor or Master of Science degree from an accredited course of study, in engineering, computer science, mathematics, physics or chemistry.
• Active Top Secret clearance
• Current DoD 8570 certification at IAT Level II / IAM Level I or higher (e.g., Security+, GSEC, SCNP, SSCP, CISSP, CISA, GSE, SCNA)
• Experience using analytical, collaboration, communication and organizational skills
• 2 years+ experience in product security / cybersecurity engineering
• 2 years+ experience with industry standard cybersecurity frameworks (NIST, OWASP, DFARS)

• 2 years+ experience in Windows/RHEL System admin experience, installing, tuning & troubleshooting Cyber Tools to include ESS/HBSS, ConfigOS, Splunk, etc.
• 2 years+ experience in configuring, running, and scripting audit tools
• 2 years+ experience using knowledge of Software Assurance (SwA) static and/or dynamic code analysis (e.g. Fortify)
• Experience with Federal Information Security Management Act (FISMA)/RMF and National institute of Standards and Technology (NIST) 800-53 requirements
• Experience leading system and component level cyber test and evaluation, including threat and security assessments, and tabletop exercises
• Experienced self-starter with strong written and oral communication skills, and a focus on translating technically complex issues into simple, easy to understand concept
• Growing understanding of DoD defense systems architectures and communications system concepts, mission, and common system test and data analysis techniques

LanceSoft