National Security System (NSS) Engineer

Evolver Federal is seeking a National Security System (NSS) Engineer to support its Federal client in Springfield, VA in analyzing and mitigating risk for a portfolio of National Security Systems. The NSS Engineer will review and analyze system design and security architecture documentation as well as security documentation, including System Security Plans (SSPs) to identify areas of noncompliance with security requirements and security risk, also identifying discrepancies among documentation as it relates to technical implementation.

The successful candidate will have SME-level knowledge of security requirements for National Security Systems (NSS) with strong communication skills to clearly articulate security risk to stakeholders at all layers of the client organization.

Responsibilities

• Draft and maintain Standard Operating Procedures (SOPs) for internal and external processes.
• Analyze cybersecurity data (e.g., continuous monitoring, configuration, vulnerabilities, assets, software) to detect trends, and identify risks.
• Recommend risk mitigation strategies for common vulnerability trends identified.
• Develop procedures for continuous monitoring of network systems and devices.
• Manage and review NSS Performance Plan Metrics; report discrepancies to compliance leadership (ISSO and ISSM).
• Support audits (e.g., FISMA, GAO, OIG) with required documentation and responses.
• Review and analyze system design, architecture, and interconnection documentation, including Security Architecture Diagrams, and compare to System Security Plans (SSPs), identifying discrepancies and/or misalignments.
• Draft POA&Ms, and conduct POA&M analysis. Advise on development of mitigation plans and milestones, advise on closing artifacts, review artifacts and evaluate POA&M for closure, make recommendations to Federal Stakeholders.
• Provide input on waivers and/or accepted risks as it relates to POA&M management processes, including clearly articulating compensating controls in place to mitigate risk.
• Create Security Impact Analysis (SIA) reports based on engineering assessments.
• Develop and deliver presentations on security engineering topics to stakeholders across all levels of the organization.
• Apply in-depth working knowledge of continuous monitoring practices.
• Review and analyze security scan results as outputs from various scanning tools relevant to all layers: Operating System, application, and database,
• May be asked to execute scans using available tools in the government environment including Tenable Nessus and other web application and database scanning tools.

Basic Qualifications

• 5 years of related experience with Bachelor's degree or 8 years of overall related experience in a relevant field
• 1 year of experience with CNSS, CNSSI 1253, DoD and IC requirements, NIST 800-53 rev 5, NIST 800-37 rev 2 RMF, NIST 800-137, and FISMA Metrics
• 1 year of experience evaluating security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 1 year of experience documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
• 1 year of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
• 1 year of experience in client-engagement.
• Must have at least one cybersecurity certification such as: CISSP, CISM, CISA, CEH
• Must have Top Secret//SCI clearance and/or ability to obtain clearance prior to start date

Preferred Qualifications

• 2 years of experience with CNSS, CNSSI 1253, DoD and IC requirements, NIST 800-53 rev 5, NIST 800-37 rev 2 RMF, NIST 800-137, and FISMA Metrics
• 2 years of experience evaluating security controls in accordance with NIST 800-53 in/ in support of the Federal Government to include evaluating and validating security controls for NSS systems.
• 2 years of experience with documenting POA&Ms and managing the entire POA&M lifecycle, from open to closure.
• 2 years of experience executing continuous monitoring activities, including those supporting vulnerability management and configuration management.
• Ability to communicate technical concepts clearly and effectively via written and verbal communication in both formal and informal situations to audiences of technical and non-technical skillsets.
• Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
• Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
• Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
• Excellent organizational skills and attention to detail.
• Experience interpreting and analyzing scan results from Tenable.
• Familiarity with outputs of various scanning tools used to scan Web Applications (such as Burp Suite, WebInspect, Acunetix, or similar) and Databases (Tenable Nessus, DbProtect, ARCAT, etc.)
• Strong analytical, critical thinking, and problem-solving skills.

Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.