Founded in 2009, RSC2, Inc. is a Small Business Administration (SBA) Certified HUBZone Professional Services company headquartered in Baltimore, Maryland. RSC2 provides breakthrough expertise, support services, and technologies to make operations, programs and systems of record perform better. Our professional staff is trained to provide world-class services to all types of customers. We uphold the integrity and quality of our work so you can expect only the best from us.
We are looking for a Cybersecurity Engineer I to join our growing company! This position serves as a subject matter expert on Cybersecurity/Information Assurance activities based upon a comprehensive knowledge of the principles, policies such as DoD Instruction 8500.01, DoD Instruction 8510.01, AR 25-1 and AR 25-2, pertinent laws, regulatory requirements and procedures applicable to each PEO program management office, PEO headquarters staff, and other external organizations.
This position is located at APG, MD.
What you'll do:
The Cybersecurity Engineer will be responsible for the following but not limited to:
• Assist the Designated Approving Authority (DAA/AO) in the review of Cybersecurity packages (DIACAP/RMF) for content and presentation of evidence of proper implementation of Cybersecurity requirements. Provide feedback and consultation to Information System Security Officers (ISSOs) and assist them in getting the Approval to Operate (ATO), Interim Approval to Operate (IATO), Interim Authority to Test (IATT), and Approval to Connect (ATC) packages to the PEO standard.
• Assist PMs in developing Cybersecurity Strategies (CSSs) as required by the Clinger-Cohen Act and DoD Acquisition policy, and coordinate these CSSs with HQDA for Army CIO/G6 Approval in order to support major milestone decisions.
• Respond to tasking from HQDA, PEO IEW&S Staff, CECOM Staff, other agencies, and Warfighters in the field as they relate to Cybersecurity for PEO IEW&S Tactical and Developmental systems. (Such as: Public Key Infrastructure & Host Based Security Systems waivers & exemptions, Windows XP, Vista, and Server 2003 elimination.)
• Maintain the APMS (Army Portfolio Management Solution) database for tracking Information Assurance accreditation status, and provide portfolio (acquisition) management oversight of all the Program Managers' projects for FISMA (Federal Information Security Management Act) compliance.
• Manage and maintain on-line repository of current PEO IEW&S Authorization and Accreditation (A&A) documentation within eMASS and the Army Knowledge On-line (AKO)-SIPRNET.
• Provide Cybersecurity engineering support.
• Provide consultative service to PM staff with regard to the implementation of the Risk Management Framework (RMF) and associated security controls.
• Provide subject-matter expertise for the implementation of component-level policy, and coordinate exceptions to policy at the headquarters level for tactical equipment and mission requirements.
• Identify cybersecurity requirements for systems in acquisition or development to comply with published RMF requirements, Security Technical Implementation Guides (STIGs), policies, and analyze the requirements development and design process across the seven program offices of PEO IEW&S.
• Provide leadership for portions of Army vulnerability management and Assessment and Authorization (A&A) processes, including analyzing, reviewing, or verifying Plans of Action and Milestones (POA&Ms), evaluating the overall risk posed by vulnerabilities to Army missions, networks, and data, and making recommendations to the Authorizing Official.
• Lead A&A activities within established timelines, recommend courses of action for program managers and system owners to ensure compliance with FISMA, DoD and Army standards, and policy, and maintain an acceptable level of risk.
• Support the development of cybersecurity education, training, mitigation strategies, and cybersecurity awareness at the headquarters level.
• Develop processes to assist the Army in the development and lifecycle of information system eMASS packages; this includes creating templates and how-to guides for implementing waivers, documents, and other important system artifact requirements.
• Serve as SME to provide technical guidance and recommendations to staff, stakeholders and leadership on all aspects of cybersecurity.
• Oversee product teams to ensure cybersecurity objectives are met. Plan, execute and provide technical expertise in obtaining authority to operate (ATO) or appropriate interim authorities.
• Hybrid telework schedule with option of RDO
• Set schedule M-F, 8 hours
Requires a Bachelor's degree.
Minimum of 4 years of experience.
Extensive knowledge of eMASS.
Experience with ATO, A&A, RMF, POA&Ms.
Experience with data calls and technical writing.
CISSP+ certification preferred, or any of the following: HCISPP, CAP, CASP+ CE, CISM, GSLC, CCISO.
Secret clearance required.
BS 5-7 Years, MS 3-5, PhD 0-2
Work Location: Aberdeen, MD
Employment Type: Full-time, Salary-Exempt
Benefits Package: We offer a top tier benefits package which includes medical, dental, vision, PTO, employer matching retirement plan, and more!
We are an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic. The EEO is the Law poster is available here.