Senior Cybersecurity Engineer

Applied Research Solutions is seeking a full-time Senior Cybersecurity Engineer located at Offutt Air Force Base, Nebraska, supporting ASSETS.

Responsibilities include:

• Understand and develop Plan of Action and Milestones (POA&M) required in support of information assurance or security necessities
• Manage the fact finding, analysis, and development of hypothesis, conclusions, production of final reports and presentations, which requires expert knowledge of database practices, and USSTRATCOM database organization, operations and objectives, and requires training in application security and software analytical tools used by the IPT these tools include Application Security AppDetective Pro, Application Security DBProtect, Fortify Source Code Analyzer, Fortify 360 Server, Fortify Real-Time Analyzer, IBM/Rational AppScan
• Support Cybersecurity and Cybersecurity Testing. The contractor shall conduct tests of cybersecurity safeguards and integration of systems IAW established test plans, STIGs and Cybersecurity Controls. Cybersecurity support must be able to identify areas of cyber weakness within the programs and assist in providing solutions and document results with POA&Ms. Cybersecurity staff must ensure the design of hardware, operating systems, and software applications adequately address security requirements for the Computing Environment (CE) to include testing cybersecurity mitigations. This work requires the establishment and sustainment of information security assurance processes that satisfy complex system-wide requirements based upon DoDD 8500.1 Information Assurance, DoDI 8500.2 Information Assurance Implementation, DoDD 8520.1 Protection of SCI, DoDI 8510.01 Risk Management Framework (RMF) for DoD Information Technology, DoD 8570.01M Information Assurance Workforce Improvement Program, and DoDI 8580.1 Information Assurance in the Defense Acquisition Process used for the analysis of user, policy, regulatory, and resource demands. These tasks require the development and production of RMF documentation for Secret, Top Secret and JWICS networks. Cybersecurity recommendations shall be provided based on evaluation and review of engineering proposals to ensure compliance with mandated cybersecurity requirements. These positions provide support in the development and implementation of doctrine and policies including CJCSI 6510.01E IA and Computer Network Defense (CND); CNSSP-22 Information Assurance Risk Management Policy for National Security Systems, and CNSSP-6 National Policy on Certification and Accreditation of National Security Systems. The contractor shall have knowledge and experience with NIST 800-53, and DoD Risk Management Framework tools (eMASS/Xacta).
• Perform vulnerability assessments and security tests on networks, web-based applications, and computer systems. Use testing methods to pinpoint ways that attackers could exploit weaknesses in security systems. Conduct network and system security audits, evaluate how well system conforms to a set of established criteria. Analyze policies for effectiveness, make suggestions on security policy improvements, and work to enhance methodology material. Document findings, write security reports, and discuss solutions with IT teams and management. Provide feedback and verification after security fixes are issued. Perform "black box" and "white box" testing. Perform Blue and Red team war gaming exercises. Perform security and technical assessments on new technologies. Generate "Best Practices" for implementations of new technologies. Perform reviews of application designs and source code (mainly Java, JavaScript, and C). Automate security testing through scripts and macros
• Other duties as assigned

Qualifications/ Technical Experience Requirements:

• Must be a US Citizen
• TS/SCI
• Possesses the advanced knowledge, experience, and recognized ability to be considered an expert in their technical/professional field, possess the ability to perform tasks and oversee the efforts of junior and midlevel personnel within the technical/professional discipline. Will demonstrate advanced knowledge of their technical/professional discipline as well as possess a comprehensive understanding and ability to apply associated standards, procedures, and practices in their area of expertise. (Program Office, Enterprise, and Staff Level Support interface)
• Functionally Aligned Minimum Recommended Education and Experience:
  • Advanced Degree (MA/MS) and 12 years of experience in the respective technical/professional discipline being performed, 5 years of which must be in the DoD OR, BA/BS degree, and 15 years of experience in the respective technical/professional discipline being performed, 5 of which must be in the DoD OR, 20 years of directly related experience with proper certifications as described in the Functionally Aligned Job Descriptions, 8 of which must be in the DoD
• Non-Functionally Aligned Recommended Education and Experience:
  • GED, 10 years of experience in the respective profession being performed, 5 of which must be in the DoD
• Knowledge of computer systems and web applications and be comfortable using the following software and programs:
  • Minimum of 3 years of experience conducting penetration testing or Blue team testing
  • Must hold a GPEN, GWAPT, GSE, OSEE, OSCE, OSCP, or GXPN
  • Application security and safe coding techniques
  • Programming languages (such as SQL, C#, JavaScript, Ruby, Powershell, and Python)
  • Security assessment tools (such as Tenable NESSUS, WebInspect, OWASP ZAP, Burp Suite, Metasploit, and Kali Linux)
  • Security frameworks (such as NIST, MITRE ATT&CK Framework, OWASP Framework, and APT TTPs)
  • Operating systems (such as Linux, UNIX, Windows)
• Possess DoD Directive (DoDD) 8570 Information Assurance Management (IAM) Level II certification or DODD 8140 Information Assurance Security Engineer Level II certification

All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals on the basis of disability, and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans, and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)