Product Security Engineer
Must be U.S. Citizen for export compliance
Must have secret clearance to start
Pay rate: $ 50.13 - $62.65 (based on experience and education).
Position Responsibilities:
The candidate will partner directly with the Cyber Engineering organization to embed and validate cybersecurity solutions on the C2BMC platform at COS HWY-83, ensuring that all security controls are correctly implemented and fully tested.
They will serve as the primary liaison with the Cyber Test Facility (CTF) at MIDOC, where they will coordinate test events, validate test plans submitted by cyber teams, and will be required to brief program leadership on their analysis of the test plan while assisting the teams in identifying the specific cyber requirements needed for successful execution.
In addition, the role supports cyber teams by facilitating the timely delivery of capabilities and solutions while maintaining a strong focus on vulnerability management.
Responsibilities include end-to-end handling of Information Assurance Vulnerability Management (IAVM) tickets, Cyber Tasking Orders (CTO), Common Vulnerabilities and Exposures (CVE) remediation, vendor-issued patch integration, and the application and verification of DISA STIG configurations.
Required Qualifications:
Generally has 3+ years of related experience and may have a post-secondary degree or training in a related discipline.
Must have an active full secret DoD Secret security clearance, at start.
Must have a DoD 8140 IAT-Level II certification (e.g., Security+ or higher), at start.
The position requires a strong working knowledge of cyber capabilities including patch management, multi-factor authentication, host-based security, intrusion detection, security event management, active/passive system scanning, and defense-in-depth.
Must possess a strong working knowledge of core cyber capabilities including patch management, Group Policy Object (GPO) management, and proven remediation techniques for addressing cybersecurity vulnerabilities and threats as well as security-engineering expertise in Information Assurance (IA) technologies, NIST standards, DoDI8500.2, and Risk Management Framework (RMF) security controls.
The candidate must have hands-on experience throughout the Agile development lifecycle, specifically using the Scrum framework identifying requirements, defining user stories, and participating in sprint planning, daily stand-ups, and sprint reviews.
In this role, the individual will review test plans and test cases supplied by development teams, verify that they are correctly implemented, execute the tests, and provide clear, actionable feedback to ensure compliance with cyber security requirements.
Experience configuring cyber audit tools, performing cyber vulnerability assessments, and handling configuration activities is also required.
A solid understanding of Software Development Life Cycle (SDLC) models and testing processes, combined with proficiency in cyber-tool software applications, is essential.
Leadership experience, strong interpersonal skills, and the ability to support complex organizational relationships are necessary.
Excellent technical writing and verbal communication skills are needed to present technical cyber issues and reports to government stakeholders, program management, and other C2BMC functional areas.
Preferred Qualifications:
An individual with wide application of principles, theories, and concepts in their field and provides solutions to a wide range of difficult problems with imaginative and thorough solutions; works under general direction, and results are reviewed upon completion for adequacy in meeting objectives; failure to achieve results normally results in serious program delays and considerable expenditure of resources; frequent internal and external customer contacts and represents the organization in providing solutions to difficult technical issues associated with specific projects.