Rampant Technologies
Cyber Security Engineer
A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource that is a part of the Rampant team reporting to the Principal Engineer overseeing the CSE team to deliver innovative Cyber Security solutions that are in alignment with the company's goals. SME on problem identification, diagnosis, and resolution of problems Develop best practices for processes and standards that will better the system Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements. Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones. Perform hardening of ops systems, COTS and open-source product Validate best practices in Penetration testing, Configuration analysis, and Security Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing. Generating/maintaining security accreditation artifacts associated with RMF process to include, but not limited to Security Requirements Traceability Matrix, Security Plans, Certification Test Plans, Continuous Monitoring Plans Perform timely updates in accreditation DB Provide technical guidance focused on information security architecture. Minimum of eight (3) years' relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity is required; ideally three (3+) years of direct experience in the same level/grade for like role. Techno functional knowledge of/experience in: Execution of the Assessment & Authorization (A&A process) in accordance with government requirements (e.g. ICD-503) Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A. DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures Integrity, availability, authentication, and non-repudiation concepts IT security principles and methods (e.g., firewalls, demilitarized zones, encryption) Network access, identity, and access management (e.g., public key infrastructure [PKI]) Security system design tools, methods, and techniques Relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure. TCP/IP networking technologies, Linux account administration, Linux folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and Linux platforms. Continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques. Virtualization technologies (e.g. VMWare, Docker) OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic DoD/IC system security control requirements XACTA and SNOW Security testing and penetration tools that include Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire, etc Hands on experience and proficiency with the full Microsoft Office Suite and tools such as Microsoft Project, Microsoft Visio Self-starter/motivator Must have certifications (certifications with * indicate willing to hire if certification is within 3-6 months of finalizing): Active TS/SCI w/ Poly clearance required Current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment. MUST meet DoD 8570 IAT Level III requirements IAT Level II Certifications (Security+ or equivalent)
A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource that is a part of the Rampant team reporting to the Principal Engineer overseeing the CSE team to deliver innovative Cyber Security solutions that are in alignment with the company's goals. SME on problem identification, diagnosis, and resolution of problems Develop best practices for processes and standards that will better the system Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements. Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones. Perform hardening of ops systems, COTS and open-source product Validate best practices in Penetration testing, Configuration analysis, and Security Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing. Generating/maintaining security accreditation artifacts associated with RMF process to include, but not limited to Security Requirements Traceability Matrix, Security Plans, Certification Test Plans, Continuous Monitoring Plans Perform timely updates in accreditation DB Provide technical guidance focused on information security architecture. Minimum of eight (3) years' relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity is required; ideally three (3+) years of direct experience in the same level/grade for like role. Techno functional knowledge of/experience in: Execution of the Assessment & Authorization (A&A process) in accordance with government requirements (e.g. ICD-503) Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A. DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures Integrity, availability, authentication, and non-repudiation concepts IT security principles and methods (e.g., firewalls, demilitarized zones, encryption) Network access, identity, and access management (e.g., public key infrastructure [PKI]) Security system design tools, methods, and techniques Relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure. TCP/IP networking technologies, Linux account administration, Linux folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and Linux platforms. Continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques. Virtualization technologies (e.g. VMWare, Docker) OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic DoD/IC system security control requirements XACTA and SNOW Security testing and penetration tools that include Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire, etc Hands on experience and proficiency with the full Microsoft Office Suite and tools such as Microsoft Project, Microsoft Visio Self-starter/motivator Must have certifications (certifications with * indicate willing to hire if certification is within 3-6 months of finalizing): Active TS/SCI w/ Poly clearance required Current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment. MUST meet DoD 8570 IAT Level III requirements IAT Level II Certifications (Security+ or equivalent)