Who Are We?
Groundswell is a premier technology integrator resolutely committed to solving the most complex challenges facing federal agencies today. Our name, Groundswell, represents our commitment to be an unstoppable, seismic change in government. Ours is a small company culture with big company reach and results. Are you ready to be audacious, be bold and drive change at a rapid pace? Join us, where we’ll make a greater impact together.
What You'll Do:
Groundswell is seeking a Federal IT Cybersecurity Engineer with experience in Department of Defense cybersecurity authorization. In this role, you will act as an Information System Security Officer (ISSO), collaborate with the Government, and guide the project team through the ATO process for complex security requirements including unclassified IL4/5 and classified network authorizations.
Job Objectives and Responsibilities
Serve as a cybersecurity project liaison with multiple system ISSOs working to ensure security objectives are met as well as ensuring security improvement actions are evaluated, validated, and implemented as required
Serve as the cybersecurity leader assisting with the conduct of Assessments and Authorizations, including responsibility to maintain security controls and related artifacts for compliance with FISMA, NIST, and IRS standards in the agency cybersecurity information management system
Assessment and Authorization (A&A) work includes, but is not limited to, technical documentation, working authorization packages in Xacta, assessing cybersecurity vulnerabilities, engineering responses for system Plan of Action and Milestones (POAM), conducting risk analysis for Risk Acceptance Requests (RAR), and providing cybersecurity support for the program
Support all Risk Management Framework (RMF) activities to include obtaining Interim Authority to Test (IATT), Authority to Operate (ATO) and supporting Ongoing Security Assessments (OSA) including updating control implementation statements and providing evidence to compliance assessment activities
Support creating or updating security documentation such as System Security Plan, Contingency Plan, Incident Response Plan, Privacy Impact Assessment, and other similar documents
Assist in determining typical sets of controls such as firewalls, security of business systems, data leakage protection systems, patching, encryption, vulnerability scanning, and pen testing
Document and maintain all security tools and technology
Keep the management informed on the state of the information security program
Any other tasks as required / tasked by the management team
Skills, Knowledge and Experience Required
US Citizen with active Top Secret or SCI clearance, preference given to candidates with active SCI DoD security clearance, or candidate must be clearable per contract requirements
Must be local to DC metro area for working in SCIF approximately 3-4 days per week
7+ years' experience in cybersecurity documentation and system authorization artifacts in DoD environment (system security plan, lifecycle documentation, continuous monitoring plan, security assessment plan, security assessment report, risk assessment, etc.)
Strong working knowledge of Information Assurance (IA) concepts such as patch management, multi-factor authentication, host-based security, intrusion detection, security event management and defense-in-depth is required
Working knowledge of cybersecurity controls for the assessment of mission systems
Working knowledge of Information Assurance (IA) technologies, NIST standards, DoDI 8500.2 and SP 800-53, DoD cyber security policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology (IT)”
Recent hands-on Assessment and Authorization (A&A) experience with extensive Risk Management Framework (RMF) packages
Experience with Plan of Actions and Milestones (POAM), Information Assurance Vulnerability Management (IAVM), and compliance reporting for mission systems
DoDI 8570 certification (i.e., GSEC, Security+, SCNP, SSCP) or higher
At least one Security Certification (in order of preference):
Certified Information Systems Security Professional (CISSP)
Certified Info Sys Auditor (CISA)/Certified Info Sec Manager (CISM)
Certified Ethical Hacker (CEH)
Other similar certs may be acceptable on a case-by-case basis
Experience interpreting and implementing security controls for Impact Level 4 and higher systems
Experience with Department of Defense (DoD) Risk Management Framework requirements
Ability to use current industry methods for evaluating, implementing, and disseminating IT security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
Preferred Experience/Skills:
Experience with FedRAMP authorized and Impact Level Cloud Service Offerings (CSOs)
Experience updating information in Xacta and/or eMASS system
Working knowledge of being an ISSO or ISSE
Knowledge of vulnerability information dissemination sources (e.g., advisories, errata, and bulletins)
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Familiarity with DISA STIGs and DoD cybersecurity requirements
Why You’ll Never Want to Leave:
Comprehensive medical, dental, and vision plans
Flexible Spending Account
4% 401K Match (immediate vesting)
Paid Time Off
Tuition reimbursement, certification programs, and professional development
Flexible work schedule
On-site gym and childcare option
The salary range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets, experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for any applicable geographic differential associated with the location at which the position may be filled. At Groundswell, it is not typical for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is:
$104,429.00 - $184,998.00
NOTE: Groundswell does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Groundswell, and Groundswell will not be obligated to pay a placement fee.
Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.
Read a copy of the Company’s Non-Discrimination Policy Statement.
Additional Resources:
EO 13496 Notification of Employee Rights under NLRA
Know your rights: Workplace Discrimination is Illegal
Disability Accessibility Accommodation: If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact us at [email protected] or 703-639-1777.

