Rampant Technologies, LLC.
Cyber Security Engineer Fairfax, VA
Rampant Technologies, LLC., Jackson, Mississippi, United States
Overview
A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource that is part of the Rampant team, reporting to the Principal Engineer oversees the CSE team to deliver innovative Cyber Security solutions in alignment with the company’s goals.
Responsibilities
Subject-matter expert on problem identification, diagnosis, and resolution.
Develop best practices for processes and standards to improve the system.
Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and apply configuration updates as required to comply with security requirements.
Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.
Perform hardening of operations systems, COTS and open-source products.
Validate best practices in penetration testing, configuration analysis, and security assessment.
Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing.
Generate/maintain security accreditation artifacts associated with RMF process, including, but not limited to, Security Requirements Traceability Matrix and related artifacts.
Perform timely updates in accreditation database.
Provide technical guidance focused on information security architecture.
Key Skills, Education & Experience
Minimum of eight (3) years’ relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity; ideally three (3+) years of direct experience in the same role.
Techno-functional knowledge of/experience in:
Execution of the Assessment & Authorization (A&A) process in accordance with government requirements (e.g., ICD-503).
Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and related assessment criteria/procedures.
Integrity, availability, authentication, and non-repudiation concepts.
IT security principles and methods (e.g., firewalls, DMZs, encryption).
Network access, identity, and access management (e.g., PKI).
Security system design tools, methods, and techniques.
Relevant laws, policies, procedures, or governance related to critical infrastructure.
Management best practices on operating systems and applications; knowledge of Windows and Linux vulnerabilities.
Continuous monitoring processes as outlined in NIST SP 800-137, leveraging existing tools and incorporating automation techniques.
Virtualization technologies (e.g., VMware, Docker).
OSI model knowledge and understanding of protocols/services for common network traffic.
DoD/IC system security control requirements, XACTA and SNOW.
Security testing and penetration tools, including ACAS (Assured Compliance Assessment Solution).
Hands-on experience with Microsoft Office Suite and tools such as Project and Visio.
Certifications and Clearance
Active TS/SCI with Poly clearance required.
Current certification compliant with DoD 8570 IAM or IAT level 3, or obtain certification within 6 months of hire and maintain it during employment.
IAT Level II Certifications (Security+ or equivalent).
Equal Employment Opportunity Rampant Technologies is an Equal Employment Opportunity employer. We provide equal opportunity regardless of race, color, religion, sex, national origin, age, disability, or genetics. This description contains no confidential information and is intended for recruitment purposes in compliance with applicable law. The following voluntary self-identification information is requested solely to monitor the effectiveness of our EEO programs; responding is optional and will not affect employment decisions. Selection of categories is voluntary.
Voluntary Self-Identification For government reporting purposes, we may request information to assess outreach and positive recruitment efforts pursuant to VEVRAA. Completion is voluntary and confidential.
#J-18808-Ljbffr
Responsibilities
Subject-matter expert on problem identification, diagnosis, and resolution.
Develop best practices for processes and standards to improve the system.
Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and apply configuration updates as required to comply with security requirements.
Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.
Perform hardening of operations systems, COTS and open-source products.
Validate best practices in penetration testing, configuration analysis, and security assessment.
Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing.
Generate/maintain security accreditation artifacts associated with RMF process, including, but not limited to, Security Requirements Traceability Matrix and related artifacts.
Perform timely updates in accreditation database.
Provide technical guidance focused on information security architecture.
Key Skills, Education & Experience
Minimum of eight (3) years’ relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity; ideally three (3+) years of direct experience in the same role.
Techno-functional knowledge of/experience in:
Execution of the Assessment & Authorization (A&A) process in accordance with government requirements (e.g., ICD-503).
Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and related assessment criteria/procedures.
Integrity, availability, authentication, and non-repudiation concepts.
IT security principles and methods (e.g., firewalls, DMZs, encryption).
Network access, identity, and access management (e.g., PKI).
Security system design tools, methods, and techniques.
Relevant laws, policies, procedures, or governance related to critical infrastructure.
Management best practices on operating systems and applications; knowledge of Windows and Linux vulnerabilities.
Continuous monitoring processes as outlined in NIST SP 800-137, leveraging existing tools and incorporating automation techniques.
Virtualization technologies (e.g., VMware, Docker).
OSI model knowledge and understanding of protocols/services for common network traffic.
DoD/IC system security control requirements, XACTA and SNOW.
Security testing and penetration tools, including ACAS (Assured Compliance Assessment Solution).
Hands-on experience with Microsoft Office Suite and tools such as Project and Visio.
Certifications and Clearance
Active TS/SCI with Poly clearance required.
Current certification compliant with DoD 8570 IAM or IAT level 3, or obtain certification within 6 months of hire and maintain it during employment.
IAT Level II Certifications (Security+ or equivalent).
Equal Employment Opportunity Rampant Technologies is an Equal Employment Opportunity employer. We provide equal opportunity regardless of race, color, religion, sex, national origin, age, disability, or genetics. This description contains no confidential information and is intended for recruitment purposes in compliance with applicable law. The following voluntary self-identification information is requested solely to monitor the effectiveness of our EEO programs; responding is optional and will not affect employment decisions. Selection of categories is voluntary.
Voluntary Self-Identification For government reporting purposes, we may request information to assess outreach and positive recruitment efforts pursuant to VEVRAA. Completion is voluntary and confidential.
#J-18808-Ljbffr