<p>The Cybersecurity Engineer supports the Risk Management Framework (RMF) and Authorization & Accreditation (A&A) processes for DoD systems. You'll work to ensure systems are secure and compliant with federal cybersecurity standards and help guide them through the RMF lifecycle, from initial assessment to ongoing monitoring.</p> <p>As a Cybersecurity Engineer, you will play a critical role in helping secure systems from emerging threats while maintaining compliance with stringent RMF and A&A requirements:</p> <ul> <li>Lead the implementation of the RMF process for various DoD systems, ensuring that security controls and protocols meet the appropriate security categorization and risk management requirements </li><li>Manage the Authorization & Accreditation (A&A) process for systems and applications, from initial security categorization through continuous monitoring and final authorization </li><li>Assist in the selection, implementation, and validation of security controls based on NIST SP 800-53, CNSSI 1253, and other relevant DoD guidance </li><li>Develop, review, and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), and other RMF-related documentation </li><li>Conduct security assessments and vulnerability scans to identify and mitigate risks to DoD systems </li><li>Establish continuous monitoring procedures, ensuring the ongoing effectiveness of security controls and compliance with security requirements </li><li>Work with developers, system administrators, and other cybersecurity professionals to implement security best practices throughout the software development lifecycle and system operations </li><li>Assist in responding to and investigating cybersecurity incidents, ensuring that appropriate containment, remediation, and recovery actions are taken </li><li>Provide technical recommendations and progress reports to leadership regarding the status of cybersecurity compliance, risks, and vulnerabilities </li><li>Ensure all systems remain compliant with applicable DoD, NIST, and FISMA cybersecurity requirements through proper documentation and regular audits </li></ul> <p>Required Skills and Qualifications</p> <ul> <li>Must possess BA or BS degree with 12 years of experience in cybersecurity engineering, with a strong focus on Risk Management Framework (RMF) and Authorization & Accreditation (A&A) processes within a DoD or government contracting environment </li><li>In-depth understanding of the Risk Management Framework (RMF) as outlined by NIST SP 800-53, NIST SP 800-37, and other related standards </li><li>Proven experience managing the Authorization & Accreditation (A&A) process for DoD systems, including the preparation of System Security Plans (SSP) and Security Assessment Reports (SAR) </li><li>At least one of the following: CISSP, CISM, Security+, or CASP+ </li><li>Familiarity with the NIST Cybersecurity Framework (CSF), NIST SP 800-53, CNSSI 1253, and other applicable federal cybersecurity standards </li><li>Experience with selecting, applying, and assessing security controls for systems, networks, and software </li><li>Hands-on experience with security tools for vulnerability scanning, configuration management, and continuous monitoring (e.g., Nessus, ACAS, SCAP, DISA STIGs) </li><li>Strong ability to produce clear, concise security documentation </li><li>Knowledge of tools like Terraform or CloudFormation for automated provisioning of cloud resources </li><li>Excellent verbal and written communication skills </li></ul> <p>C2 Essentials is an Equal Opportunity Employer.</p>