Cyber Security Project Engineer

Cyber Security Project Engineer

Rapid Cycle Solutions LLC (RCS) is an innovative small business providing IT and management consulting services to the U.S. Federal Government and commercial clients. We have unique strengths in complex, cross-organizational solution analysis, design, development, implementation, and change management supporting enterprise requirements. Our team of professionals has deep consulting backgrounds supporting the unique needs of our clients. Our team members have proven experience leading strategic initiatives within the civilian Government agencies.

RCS is seeking a Cyber Security Project Engineer to support a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. It requires subject matter expertise in technical risk analysis of enterprise and mission systems, IT systems and networks, mobile and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of technical risk assessment activities. It also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding.

This position requires the candidate to work onsite in Chantilly, VA. Relocation assistance is not available.

What you will do:

• Perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies.
• Gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts of a given technology implementation being evaluated, from which real insights can be derived to inform risk assessors judgement.
• Apply consistent and systematic investigative practices to comprehensively assess risks, identify and characterize threats and vulnerabilities.
• Evaluate system or network operations using network management platforms, network scanning tools, auditing functions, PCAP captures, and log reviews.
• Analyze system, network, or cloud configurations for mis-configured settings, configurations not required for deployment, removal of test scripts to minimize the configuration to fulfill the specific deployment.
• Analyze hardware and software used in a system or network for origin of manufacturer, known vulnerabilities, outdated hardware or software.
• Remain current with existing and future technologies to assist the Sponsor with identifying associated risks of implementing proposed technologies.
• Provide guidance of potential cyber threats, attacks, and exploitations and advise decision-makers of the inherent risks and mitigation to the Sponsors equities.
• Ensure appropriate risk mitigation considerations are baked in early in the development cycle, and risks and vulnerabilities are well understood and appropriately mitigated.
• Organize and schedule work to effectively manage a case load
• Track, document, and communicate progress status updates and weekly status updates on all technical risk assessment reports, cases describing potential security concerns and mitigations to enhance security posture.

Required Qualifications/Education:

• Clearance: Active TS/SCI clearance with CI Polygraph
• Cyber Security Support:
• Analyzing IT systems for cyber security vulnerabilities.
• Developing IT system or network architecture design, conducting IP data flow analysis, encryption configuration, and vulnerability analysis using both open-source and commercial tools, such as Nmap, Wireshark, Metasploit, Canvas, Kismet, or BackTrack.
• Analyzing IT network configurations of devices such as firewalls, routers, switches, VPNs, or Intrusion Detection/Prevention Systems for cyber security vulnerabilities.
• Communications protocols such as IP, TCP, UDP, HTTP, HTTPS, MPLS, OSPF, IGRP, BGP, SIP, H.232.
• Multiple OSs, including Windows, Linux, and OSX.
• Microsoft Windows ver.; 7, 8, 10, 2008R2, 2012, 2012R2, or 2016.
• Cloud computing technology and hypervisors such as HyperV, VMWare ESX, or Virtual Box.
• Transitioning security domains and use of cross domain appliances.
• Network management systems, network storage, backup systems, and disaster recovery (DR) architectures.
• Performing technical risk assessments and providing technical risk mitigation guidance.
• Ensuring appropriate risk mitigation considerations, risks and vulnerabilities are well understood and appropriately mitigated.
• Analyzing procurement processes of hardware, software and services to comply with cyber security and operational needs.
• Creating concise and well-structured written assessments.
• Certifications: CISSP Certification.

Nice to Have Qualifications:

• Cyber Security Support.
• IT review boards.
• Providing recommendations to IT architecture and design reviews.
• Security policies and regulations.
• Providing recommendations in technical standards, security standards, and operational assurance.
• USG standards such as Intelligence Community Directive (ICD) 503, Federal Information Processing Standards (FIPS), National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-60.
• Certifications: Certified Information Security Manager (CISM), Certified Ethical Hacker.

RCS is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Our company uses E-Verify to confirm the employment eligibility of all newly hired employees. To learn more about E-Verify, including your rights and responsibilities as an applicant, please visit www.dhs.gov/E-Verify

All RCS work locations are drug-free workplaces.