Salary Statement

Estimated Starting Salary Range: USD $115,000.00/Yr. - USD $191,650.00/Yr. Salary to be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data.

About Us

Scientific Research Corporation is an advanced information technology and engineering company that provides innovative products and services to government and private industry, as well as independent institutions. At the core of our capabilities is a seasoned team of highly skilled engineers and scientists with multidisciplinary backgrounds. This team is challenged daily to provide cutting edge technology solutions to our clients. SRC offers a generous benefit package, including medical, dental, and vision plans, 401(k) with a company match, life insurance, vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually, 11 paid holidays, tuition reimbursement, and a work environment that encourages excellence and more. For positions requiring a security clearance, selected applicants will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Requirements

• 5+ years combined cybersecurity experience holding one or more of the following roles: ISSE, ISSO, ISSM, Validator (e.g. NQV), and/or Security Control Assessor (SCA)
• Minimum of 5 years of IT-related experience demonstrating competency with (1) attention to detail, (2) customer service, (3) oral communication, and (4) problem solving
• Bachelors Degree (e.g. Cybersecurity, Engineering, Computer Science, or related IT fields) and Active DoD 8570 Level II Certification (e.g. Security+ CE, CCNA Security, etc.)

Desired Skills

• Knowledgeable with demonstrated cybersecurity experience in Risk Management Framework (RMF) including the following DoDI, NIST SP 800 series, CNSSI, and FIPS series
• Experience with ACAS, SCAP, and DISA STIGs/SRGs
• Assessment & Authorization (A&A)
• Policy Development
• Knowledgeable with Facility Related Control Systems (FRCS)/Industrial Control System (ICS) Compliance
• Skilled in the use of Enterprise Mission Assurance Support Service (eMASS) and/or XACTA
• Knowledgeable with Supply Chain Cyber Risk Management (SCRM)
• Skilled in compliance reporting with known vulnerabilities from alerts, advisories, errata, and bulletins
• Skilled in network security architecture concepts including topology, protocols, components, and principles with focus on producing deliverables in accordance with PPSM registration requirements and RMF processes
• Skilled in discerning the protection needs of information systems and networks with focus on identifying, tailoring, implementing, and testing RMF security controls, with practical mitigation statements
• Knowledge of current industry methods for evaluating, implementing, and disseminating in IT security assessment, monitoring, detection, and remediation tools and procedures
• Knowledge of cybersecurity principles and DoD requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption, zero trust)
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)

Description

Scientific Research Corporation (SRC) is searching for a well-rounded Mid-Level Cybersecurity Engineer to test, analyze, evaluate, validate, and verify cybersecurity requirements for systems to support the installation requirements for United States Space Command (USSPACECOM) command and control facilities. Work supporting USSPACECOM will be conducted at the government's facilities in Colorado Springs, CO.

• Providing risk management and IT security services--Information Assurance (IA) support, and RMF Assessment & Authorization (A&A)
• Serving as a technical liaison between senior management, technical experts/engineers, and other stakeholders for Cybersecurity to facilitate: Plans of Action and Milestones (POA&M) maintenance and milestone tracking (mitigation statements), creation of diagrams, software and hardware lists, POA&Ms, Risk Assessment Reports (RARs), Special Publication (SP), System Security Plan (SSP), Ports, Protocols, and Services Management (PPSM), and A&A packages
• Managing RMF accreditation process from cradle to grave. Develops RMF package(s) for legacy and modernized IT architecture pursuant to Authorizations to Operate (ATO) for designated DoD systems. Leads RMF transition from DoD Information Assurance Certification and Accreditation Process (DIACAP). Develops and maintains RMF documentation: Implementation Plans, POA&Ms, and RARs in order to obtain and maintain
• Managing Information Assurance Vulnerability Management (IAVM) program. Ensures compliance with DoD issuances, USCYBERCOM tasking orders (TASKORDs), IA Vulnerability Alerts (IAVAs), and DISA Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs).
• Ensuring computing environment is postured to minimize vulnerabilities and risk against cyber threats (e.g. malware, viruses)
• Validating system security settings, risk monitoring, IA controls and countermeasures are in accordance with DoD standards
• Validating IA control requirements based on Committee on National Security Systems Instruction (CNSSI) 1253 / National Institute of Standards and Technology (NIST) 800-53
• Performs RARs, vulnerability assessments, analyzes/interprets results from Assured Compliance Assessment Solution (ACAS) Scans, Security Content Automation Protocol (SCAP) scans
• Collaborating with engineers and developers to create or modify authorization boundary diagrams, as well as hardware and software lists
• Conducting vulnerability assessments of information systems and mitigate/remediate the results
• Building trust with customers and fostering a focus on Cybersecurity with team members/stakeholders

Clearance Information

SRC IS A CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP AS WELL AS A U.S. GOVERNMENT SECURITY CLEARANCE AT THE TOP SECRET / SCI LEVEL

Diversity & Inclusion

We strongly believe in the abundance of differences among individuals. We value different points of view and appreciate diverse perspectives. We truly believe this is what makes our organization inclusive and more responsive to the needs of our diverse customers.

EEO

Scientific Research Corporation is an equal opportunity and affirmative action employer that does not discriminate in employment. All qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, age, sexual orientation, gender identity, or national origin, disability or protected veteran status.