Connsci
Cyber Systems Engineer (Top Secret Cleared)
Connsci, Washington, District of Columbia, us, 20022
Connsci is seeking a Cyber Systems Engineer to join one of our Federal programs. This individual will focus on ensuring internal security compliance of agency information systems in alignment with applicable federal cybersecurity standards and policies. They will also serve as the principal advisor to the Director of Information System Security on all cybersecurity matters-including technical, policy, and procedural issues-related to the design, implementation, monitoring, and maintenance of the organization's information security infrastructure.
Responsibilities:
Cybersecurity Operations
Conduct detailed analysis of scan data generated by vulnerability scanning tools (e.g., Tenable Nessus).
Prioritize vulnerabilities based on CVSS scores, asset criticality, exploit availability, and exposure.
Administer and use Active Directory, virtual machines (VMs), Windows registries, and Windows/Server environments
Use and operate application and patch management systems
Remediate vulnerabilities on client systems and servers.
Create, modify, and implement group policies to satisfy Security Technical Implementation Guide (STIG) requirements and vulnerabilities
Information Assurance
Monitor IT systems (re-authorization and new systems) throughout their life cycle for changes that may impact the security posture of the system.
Validate updates to the system security plans and the Plan of Actions and Milestones (POA&M) in the security assessment and management tool to reflect changes to the IT system.
Validate that controls applicable to the devices are properly implemented as part of the corresponding Risk Management Framework (RMF) and ATO packages
Remediation Research & Planning
Investigate vendor documentation, security bulletins (e.g., Microsoft, Cisco), and CVE advisories to identify precise remediation steps.
Research alternate remediation or mitigation options when patching is not feasible (e.g., configuration changes, registry edits, access controls).
Assess and document remediation impact, including potential service disruption, dependencies, and reboot requirements.
Support the Risk Management Framework (RMF) lifecycle, including control implementation, assessment preparation, and continuous monitoring.
Develop and maintain security documentation, including System Security Plans (SSPs), POA&Ms, and configuration management records.
Coordination with System Owners
Communicate vulnerability findings and associated risks.
Log and document remediation steps, test results, and lessons learned.
Test and Validate Remediation Activities
Implement, verify, and validate vulnerability mitigations and remediations are effective in test environments, where possible.
Perform before-and-after scans to validate successful remediation.
Basic Qualifications:
Bachelor's degree in IT, Computer Science, Engineering, or related field; or equivalent experience
At least 5 years of experience in Systems Administration, Systems Engineering, or Cyber Engineering
At least 3 years of experience with remediation of vulnerabilities on client systems and servers to include experience with Windows/Windows Server, Azure, Active Directory, and virtual machines (VMs)
At least 3 years of experience with cyber security and with security tools such as: Wireshark, Nessus, Tenable, Palo Alto, Splunk, CrowdStrike
At least one of the following certifications: Security+, CISSP, CISM, CISA, GSEC, CCNA-Security, SSCP, CAP, or CASP
Minimum current government clearance level of Top Secret or Public Trust High Risk Tier 4
Our ideal candidate will also have experience with:
Information Security Policies and Procedures
Risk Management Framework (RMF)
Security Technical Implementation Guides (STIGs)
Security Controls and Technologies
Incident Response and Handling
Security Auditing and Compliance
Regulatory and Legal Compliance
Security Incident Analysis
Software Development Lifecycle (SDLC)
Location:
This role allows for remote work but there is a chance for occasional time in office for critical/collaborative initiatives. The office location is in Washington, DC and is Metro and rail (Union Station) accessible.
About Connsci
At Connsci, our mission is to be a trusted strategic partner for our clients, helping them achieve impactful results by addressing mission-critical issues that affect their bottom line. We recognize the importance of customizing our services to best fit our clients' needs and understanding what it takes to propel their organizations forward. By implementing industry-leading best practices and leveraging our multifaceted experience and expertise, we deliver services that are essential for any organization aiming to reach its goals.
What You Can Expect:
Collaboration and Innovation : Work in an environment where collaboration and innovation are key. You'll have the opportunity to contribute to projects that make a real difference for our clients.
Professional Growth : Be part of a team that values professional development. We offer opportunities for growth and advancement, allowing you to enhance your skills and career.
Impactful Work : Engage in meaningful work that addresses mission-critical issues and supports organizations in achieving their goals.
By joining Connsci, you'll become part of a dedicated team that is committed to delivering strategic, impactful solutions tailored to our clients' unique needs, enabling them to achieve their goals with confidence and efficiency. If you're passionate about cybersecurity and IT services, and eager to contribute to a dynamic team, we encourage you to explore opportunities with us.
At this time, Connsci will not sponsor a new applicant for employment authorization for this position.
Connsci is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. Connsci makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Responsibilities:
Cybersecurity Operations
Conduct detailed analysis of scan data generated by vulnerability scanning tools (e.g., Tenable Nessus).
Prioritize vulnerabilities based on CVSS scores, asset criticality, exploit availability, and exposure.
Administer and use Active Directory, virtual machines (VMs), Windows registries, and Windows/Server environments
Use and operate application and patch management systems
Remediate vulnerabilities on client systems and servers.
Create, modify, and implement group policies to satisfy Security Technical Implementation Guide (STIG) requirements and vulnerabilities
Information Assurance
Monitor IT systems (re-authorization and new systems) throughout their life cycle for changes that may impact the security posture of the system.
Validate updates to the system security plans and the Plan of Actions and Milestones (POA&M) in the security assessment and management tool to reflect changes to the IT system.
Validate that controls applicable to the devices are properly implemented as part of the corresponding Risk Management Framework (RMF) and ATO packages
Remediation Research & Planning
Investigate vendor documentation, security bulletins (e.g., Microsoft, Cisco), and CVE advisories to identify precise remediation steps.
Research alternate remediation or mitigation options when patching is not feasible (e.g., configuration changes, registry edits, access controls).
Assess and document remediation impact, including potential service disruption, dependencies, and reboot requirements.
Support the Risk Management Framework (RMF) lifecycle, including control implementation, assessment preparation, and continuous monitoring.
Develop and maintain security documentation, including System Security Plans (SSPs), POA&Ms, and configuration management records.
Coordination with System Owners
Communicate vulnerability findings and associated risks.
Log and document remediation steps, test results, and lessons learned.
Test and Validate Remediation Activities
Implement, verify, and validate vulnerability mitigations and remediations are effective in test environments, where possible.
Perform before-and-after scans to validate successful remediation.
Basic Qualifications:
Bachelor's degree in IT, Computer Science, Engineering, or related field; or equivalent experience
At least 5 years of experience in Systems Administration, Systems Engineering, or Cyber Engineering
At least 3 years of experience with remediation of vulnerabilities on client systems and servers to include experience with Windows/Windows Server, Azure, Active Directory, and virtual machines (VMs)
At least 3 years of experience with cyber security and with security tools such as: Wireshark, Nessus, Tenable, Palo Alto, Splunk, CrowdStrike
At least one of the following certifications: Security+, CISSP, CISM, CISA, GSEC, CCNA-Security, SSCP, CAP, or CASP
Minimum current government clearance level of Top Secret or Public Trust High Risk Tier 4
Our ideal candidate will also have experience with:
Information Security Policies and Procedures
Risk Management Framework (RMF)
Security Technical Implementation Guides (STIGs)
Security Controls and Technologies
Incident Response and Handling
Security Auditing and Compliance
Regulatory and Legal Compliance
Security Incident Analysis
Software Development Lifecycle (SDLC)
Location:
This role allows for remote work but there is a chance for occasional time in office for critical/collaborative initiatives. The office location is in Washington, DC and is Metro and rail (Union Station) accessible.
About Connsci
At Connsci, our mission is to be a trusted strategic partner for our clients, helping them achieve impactful results by addressing mission-critical issues that affect their bottom line. We recognize the importance of customizing our services to best fit our clients' needs and understanding what it takes to propel their organizations forward. By implementing industry-leading best practices and leveraging our multifaceted experience and expertise, we deliver services that are essential for any organization aiming to reach its goals.
What You Can Expect:
Collaboration and Innovation : Work in an environment where collaboration and innovation are key. You'll have the opportunity to contribute to projects that make a real difference for our clients.
Professional Growth : Be part of a team that values professional development. We offer opportunities for growth and advancement, allowing you to enhance your skills and career.
Impactful Work : Engage in meaningful work that addresses mission-critical issues and supports organizations in achieving their goals.
By joining Connsci, you'll become part of a dedicated team that is committed to delivering strategic, impactful solutions tailored to our clients' unique needs, enabling them to achieve their goals with confidence and efficiency. If you're passionate about cybersecurity and IT services, and eager to contribute to a dynamic team, we encourage you to explore opportunities with us.
At this time, Connsci will not sponsor a new applicant for employment authorization for this position.
Connsci is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. Connsci makes hiring decisions based solely on qualifications, merit, and business needs at the time.