Security and Compliance Engineer

Sev1Tech is looking for a Cybersecurity Engineer to assist our clients with Risk Management Framework (RMF), NIST 800-171, ATO, and Cybersecurity Maturity Model Certification (CMMC) compliance and implementation.

• Taking a consultative approach, assist clients in defining and implementing cybersecurity policies and procedures
• Work closely with client System Administrators with the identification of vulnerabilities on all customer server assets, including Windows, Unix, and Network devices
• Assist admins with hardening of systems to comply with DISA Security Technical Implementation Guides (STIGs)
• Ensure DISA STIG compliance, interpretation, and analysis of results as well as remediation
• Assist in the Authority to Operate (ATO) support evaluating NIST controls in both a FISMA Moderate and High Environment
• Perform system maintenance on security-related tools; evaluate, test, and integrate upgrades
• Scan, patch, remediate, provide mitigation strategies, and document security vulnerabilities in operating systems and applications
• Assist in defining and writing security policies to support FedRAMP, FISMA, Federal Compliance, NIST Compliance, HIPAA Compliance, ISO Standards, and SOX Compliance
• Assist and lead security audits
• Generate bi-weekly vulnerability reports to send out to customers
• Assist in the operation and maintenance of an enterprise level Security Information and Event Management (SIEM)
• Follow security policies and create/maintain existing information system security documentation
• Assist in the development, design, and coding of new systems or components, and troubleshoot & debug problems occurring within existing platforms and resolve issues using enterprise level tools
• Assist with the evaluation of threats and impact as identified by the government and/or security tools
• Other duties as assigned

Salary: $90K to $140K BOE

• Bachelor’s Degree in Cybersecurity, Computer Science, Systems Engineering, Information Technology or related field or experience equivalent with 5-7 years of relevant work experience.
• Experience working with Federal Government contracts
• Prior Security Consulting experience
• Experience leading Cybersecurity/Information Security audits
• Must have a thorough understanding of cyber threats, information security, and monitoring & detection using the latest monitoring tools.
• Minimum of 4 years’ experience working with security technologies including exposure to AWS/Azure cloud environments
• Cloud Security Experience - Amazon, cloud security tools
• Experience with authoring and maintaining security authorization documentation specific to FISMA and FedRAMP related controls at up to the “High” impact level
• Background with Risk Management Framework (RMF), ICD 503, NIST 800-171 with DFARS, NIST SP800-53 and 53a or DCID 6/3; knowledge of current authorization practices; Background with DITSCAP/DIACAP may be substituted in some cases.
• Strong experience with Microsoft 365 platform, including Outlook, SharePoint, and Microsoft Teams, etc.
• Experience with enterprise level security tools (SIEM and vulnerability scanning), specifically LogRhythm, Splunk, ElasticSearch 
• Possess excellent oral and written communication skills and proven interpersonal skills
• Demonstrates ability to multi-task, internally driven to meet organizational goals with often quick deadlines.
• Must be a self-starter passionate about expanding their IT capabilities
• Multi-task in a team-oriented environment with the ability to manage concurrent objectives, take initiative and maintain client confidentiality with the ability to work independently
• SECRET Government Clearance 

• Vendor and Security certifications
• Strong verbal and written communications skills, including creation of SOPs, maintenance plans, network drawings.
• Strong analytical abilities
• Must possess a strong client focus
• Experience with AWS networking and security architectures