RCT is seeking a motivated Cyber Security who will act as a Cyber Security resource with experience in system engineering, application development, and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A) of IT systems. The candidate will be directly involved in supporting customer efforts through the various facets of the RMF, specifically step 6 Continuous Monitoring and the A&A process. The candidate will conduct comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The candidate will also provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its operational environment and recommend corrective actions to address identified vulnerabilities. The candidate will monitor IT Systems for system security-relevant changes, updates, and vulnerability patching as well as ensure audit logs are flowing to the enterprise repository.
1. Demonstrated work experience recommending security best practices for both on premise and cloud architectures, promotes cost-effective and efficient systems solutions consistent with Enterprise Architecture, program objectives, and measures of performance.
2. Demonstrated work proficiency in developing risk assessment reports based on review of security plans and interviews with developer/customer, assess systems against Information Assurance policies and regulations.
3. Demonstrated work expertise in coordinating and performing security testing, analyzing and documenting test results, documenting risk and recommending mitigating countermeasures to identified threats, vulnerabilities, and shortfalls.
4. Demonstrated work proficiency in testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation.
5. Splunk Core Certified Power User Certification
6. Demonstrated work experience with installing, running, and analyzing results, to include vulnerability and compliance-oriented software for system security testing such as: Splunk Enterprise Security, WebInspect, AppDetective, and NESSUS.
7. Demonstrated work experience with Splunk including writing queries, building dashboards, analyzing results, and communicating those results to sponsor’s management through reporting.
8. Demonstrated work experience advising and collaborating with all team members (technical and non-technical) using excellent written and verbal communication skills.
9. TS/SCI with poly
1. Bachelor or Master's degree in Computer Science, Cyber Security.
2. Experience working with NIST Cyber Security polices such as NIST 800-137, 800-53 and CNSSI 1253.
3. Identity and Authentication Technologies.
4. One or more of the following: Cloud Provisioning; CISSP; CEH; and CISA.
5. Experience with Amazon Web Service, Security Fundamental or Engineering.
RCT Systems is an Equal Employment Opportunity Employer. Qualified applicants will receive consideration for employment without regards to race, color, religion, sex, sexual orientation, gender identity, national origin disability or protected veteran status.