Cyber Security Engineer

Arcfield is a leading provider of full lifecycle, mission-focused systems engineering and integration capabilities to the U.S. government and its allies. The company has more than 60 years of proven experience providing advanced engineering and analysis, IT and C5ISR capabilities to support our nation’s most critical national security missions. Headquartered in Chantilly, VA and with 16 offices around the world, Arcfield employs approximately 1,200 engineers, analysts, IT specialists, and other professionals who put our customers’ missions first, helping them solve their most complex challenges through innovations in modeling, simulation and analysis, digital transformation and C5ISR. Visit arcfield.com for more details.

Seeking a strong cyber security engineer (CSE) or information security systems engineer (ISSE) to assist in establishing, coordinating, and maintaining our cloud service provider (CSP) cyber security posture and perform risk analysis within CLOUDworks Security.

CLOUDworks Security manages security assessments, security compliance, change management, and continuous monitoring responsibilities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud) The position requires a healthy mix of technical and policy knowledge. Candidate shall understand and have experience implementing services to intelligence community standards like ICD 503, NIST Risk Management Framework and cloud technologies. Responsibilities include, but are not limited to the following:

• Lead technical exchange meetings with cloud service provider to review cloud service architecture
• Evaluate data flow and architecture diagrams of cloud services for compliance with security standards.
• Assist with reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation, including Customer’s security plans, are complete, of high quality, and ready for authorization.
• Assist with developing risk mitigation strategies, solutions, and recommendations through conducting and/or participating in holistic information security testing assessments.
• Perform and provide the risk tradeoff analysis that weighs competing equities of cyber security compliance, cost, and mission needs.
• Assist with developing, documenting, and assessing measures and metrics as they pertain to information security assessments and risk acceptance.
• Provide guidance and recommendations concerning all aspects of the Commercial Cloud Enterprise (C2E) A&A, the functions of sub-processes, and the impact of changes when required.
• Review Plan of Actions and Milestones (POA&Ms) to ensure programs are making progress in mitigation risk to system

• Must possess and maintain a TS/SCI clearance with a polygraph
• BS 12-15, MS 10-13, PhD 8-10
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• Multiple years’ relevant experience (minimum 5 years, 10+ years is strongly desired) in cyber security with a passion to learn in a fast-paced environment
• The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cyber security related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring tools and systems
• Self-starter mentality
• Familiar with Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud and Microsoft Azure cloud architecture or willingness to study independently to pick up expertise in one or many cloud vendors
• Strong communication skills are required to engage with internal stakeholders and external stakeholders across intelligence community.
• Ability to conduct TEMs with cloud service providers on cyber security topics.
• Knowledge and experience of intelligence community security policies; relevant federal and private standards and requirements (e.g., ICD 503, CNSSI 1253, NIST SP 800-53)
• Experience working with a federal information security program and collaborating with security control assessors (SCAs).
• Ability to understand and convey threats and impact of threats related to the results of a security assessment.
• Familiar with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools (e.g., Rapid 7, Nessus, Qualys).
• Experience with creating, monitoring, and closing system or service Plans Actions and Milestone items (POA&Ms).
• Experience with utilizing compliance tools to track assessment and authorization activities (e.g. Xacta 360, Risk Vision, RSA Archer).
• Knowledge of common control provider concept within NIST Risk Management Framework.

Desired Qualifications: 

• Ability to provide technical cyber security guidance
• Ability to convey technical information to non-technical individuals
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies
• Ability to work in a dynamic and challenging environment

EEO

Arcfield proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active-Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.