Sr. Cybersecurity Engineer (ISSO)nnSummarynnTitle:Sr. Cybersecurity Engineer (ISSO)nnID:487nnDepartment:AllnnLocation:Bethesda, MDnnDescriptionnnExcentium, Inc. is a Service-Disabled Veteran owned small business that provides Cyber Security Engineering, Information Assurance (IA), management, Certification and Accreditation (C&A), and other IT services to government and commercial organizations.nnWe have an opportunity for a Sr. Cybersecurity Engineer to support one of our Federal customers.nnMINIMUM CLEARANCE LEVEL: DOD SecretnnCITIZENSHIP: US CitizenshipnnLOCATION: Remote with some on site required in Bethesda, MDnnThe Sr. Cybersecurity Engineer will analyze and define security requirements for Multi-Layer Security (MLS) issues. Perform risk analyses, which include risk assessment. Activities will include risk assessments, annual reviews, and ATOs. Prepare and maintain a current POA&M that identifies system weaknesses, vulnerabilities and proposed mitigation activities- recommendations, mitigation schedules based on the availability of resources required, points-of contact that are responsible for mitigation activities, and status of the mitigation/remediation activities. Support information system life cycle activities from rapidly establishing systems to support classified proposals, to scoping systems for latest programs and preparing Risk Management Framework packages, to regular maintenance, support and upgrades of systems during program execution, to program close-out and de-certification activities. Ensure compliance with data security policies and relevant legal and regulatory requirements in accordance with Defense Health Agency (DHA) directives and applicable Risk Management Framework (RMF) requirements. Provide support for a system or enclave's information assurance program through security authorization activities in compliance with RMF. Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Draft documentation needed to announce new cyber security initiatives and participate in building and implementing processes surrounding cyber security.nnResponsibilities:nnDevelop/maintain processes that implement the DoD Security program.nnRegularly Audit network/IT environment for compliance to Policy and associated SOP - Weekly/Daily reporting of internal high-risk systems, outstanding remediation and mitigation activities,nnLead in the development of Plan of Action and Milestones (POA&M) and compliance.nnDevelop ATO package for reaccreditation.nnWork with DHA ISSM to meet all Cyber standards for DHA systemnnManage POA&Ms and mitigation statement formulation, interfacing with system administrators to resolve open findings of high- and at-risk systems.nnSupport Validation of IT security architecture for compliance.nnAssist in compliance reporting for the Information Assurance Vulnerability Management (IAVM) program.nnConduct Incident Response and forensic analysis when necessarynnAssist in management of the assessment/authorization program for Health Information Technology (HIT) information systems.nnEnsure compliance with DHA RMF policies and procedures.nnMaintain the electronic registration of systems in Enterprise Mission Assurance Support Service (eMASS), DoD Information Technology (IT) Portfolio Repository (DITPR), or other Portfolio as directed.nnUpdate documentation as system information changesnnCoordinate Annual Security Assessment ReviewsnnSupport/Perform assessment of NIST 800-53 controlsnnPerform Vulnerability scanning and remediationnnRequired Education:nnBS/BA preferred in Computer Science or related field of study (can be substituted for 5 years professional experience)nnIAT Level II Certification- Security +, CCNA-SecuritynnCISSP is a plusnnRequired Skills:nnMinimum 5 years’ experience within Cyber Security fieldnnUnderstanding DOD STIGs and ability to provide direction based on STIGsnnStrong knowledge of Risk Management Framework (RMF)nnMust be capable of independent management of projects (Experience in MS Project or similar).nnAble to work in team environments and independentlynnAbility to write procedures and other informative correspondencennAbility to read, analyze and interpret security regulationsnnGood analytical and problem-solving skills to troubleshoot and resolve network/operating system security issuesnnKnowledge of eMASSnnWe take pride in building a workforce with a strong Veterans focusnnExcentium offers a competitive salary and comprehensive benefits package, including medical, dental, life, disability, 401k, and paid time off.nnExcentium, Inc. is an equal opportunity employer