• Cybersecurity Project Engineer

    Nightwing (Sterling, VA)


    Nightwing provides technically advanced full-spectrum cyber, data operations, systems integration and intelligence mission support services to meet our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization. Nightwing brings disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.

     

    Job Title: Cybersecurity Project Engineer

     

    Clearance: TS/SCI Poly

     

    This position is CONTINGENT upon contract award

     

    The Cyber Security Project Engineer (CSE) supports the LSA to identify, design, and deploy security controls and subsystems to support the on-premises secure multi­ tenant infrastructure environment (CUSTOMER). The CSE collaborates with the Platform and Operations teams to integrate security controls into the IaaS environment. The CSE discovers and mitigates cybersecurity risks, assess the security controls implemented within and inherited by the system, understand and apply policies to address requests for information on cyber best practices, conduct risk assessments for specialized devices, and provide information system security expertise. Collaboratively works closely with Platform and Operations teams, Sponsor, Information System Security Officers and Managers, as well as the Authorizing Officials (AO) to conduct comprehensive CNSSI 1253 and NIST SP 800-53a assessments of the management, operational, and technical security controls. Daily tasks include, but are not limited to:

     

    + Work with LSA, technical team to develop template/tools for automating the deployment of security controls in the CI/CD pipeline and the continuous automated/enhanced assessments or O&M of vulnerability scan tools

    + Facilitates meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with team stakeholders.

    + Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans and security plans).

    + Identify and recommend mitigations for potential avenues of exploitation, including system level attacks and user level attacks.

    + Advises and assists with the Lifecycle Assessment and Authorization (A&A) process and development of Systems Security Plan (SSP)

    + Develops and documents security evaluation test plans and procedures

    + Develops SCA artifacts, including the Security Assessment Plan (SAP), Security Assessment Reports (SAR), and Remediation Actions

    + Experience with developing Plans of Action and Milestones (POA&Ms), including providing risk mitigation strategies, steps, and milestones.

    + Conducts hands on security testing, analyzes results, documents risks, and recommends countermeasures

    + Applies working knowledge of Industry Best Practices (e.g. SANS Top 20) National/International policies and standards and how they relate to the A&A process

    + Applies working knowledge of Intelligence Community Information Assurance policies and regulations and how they relate to the A&A process

    + Demonstrated experience testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation

    Required Skills:

    + Strong understanding of network security principles and technologies.

    + Experience with security tools and technologies (e.g., firewalls, intrusion detection systems, anti-malware software).

    + Knowledge of operating systems and their security configurations.

    + Familiarity with security protocols and standards (e.g., NIST Framework, ISO 27001).

    + Ability to identify and assess security vulnerabilities.

    + Strong problem-solving and analytical skills.

    + Excellent communication and interpersonal skills.

    + Ability to work independently and as part of a team.

    + Experience with scripting and automation.

    Desired Skills:

    + Experience with cloud security (e.g., AWS, Azure, GCP).

    + Knowledge of security information and event management (SIEM) systems.

    + Experience with incident response and forensic analysis.

    + Familiarity with various security frameworks (e.g., SCDO, OWASP).

    + Experience with ethical hacking techniques.

    + Experience with scripting languages (e.g., Python, PowerShell).

    + Ability to create and maintain security documentation.

    Desired Certs:

    + One or more of the following: CompTIA Security+, CISSP, CISA, CISM, CCSP, SSCP, GIAC Security Essentials

     

    _At Nightwing, we value collaboration and teamwork. You’ll have the opportunity to work alongside talented individuals who are passionate about what they do. Together, we’ll leverage our collective expertise to drive innovation, solve complex problems, and deliver exceptional results for our clients._

     

    _Thank you for considering joining us as we embark on this new journey and shape the future of cybersecurity and intelligence together as part of the Nightwing team._

     

    _Nightwing is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class._