Senior Cybersecurity​/IT Systems Engineer

Technovative Applications

The Senior Cybersecurity / IT Systems Engineer is responsible for designing, implementing, and maintaining secure IT environments supporting both Classified and Controlled Unclassified Information (CUI) systems. This role ensures full compliance with DoD cybersecurity requirements, including CMMC, NIST standards, and RMF, across networked, standalone, and air-gapped environments. This position owns end-to-end security posture, including system hardening, identity management, network security, and audit readiness.

• Implement and maintain controls aligned with Cybersecurity Maturity Model Certification (Level 2/3)
• Ensure compliance with NIST SP 800-171 (CUI) and NIST SP 800-53 (Classified systems via RMF)
• Support Risk Management Framework processes including system categorization, control selection, implementation, assessment, and ATO lifecycle
• Develop and maintain SSPs, POA&Ms, and audit artifacts
• Prepare systems for C3
  
  PAO assessments and government accreditation

• Design, implement, and maintain environments handling:
  • Controlled Unclassified Information (CUI)
  • Classified data (Secret and above)
• Enforce strict separation between classified, CUI, and unclassified networks
• Implement cross-domain and data transfer controls per DoD policy
• Ensure compliance with data handling, marking, storage, and transmission requirements
• Support SCIF operations and accreditation requirements

• Apply and enforce DISA STIGs across all systems
• Design and secure:
  • Standalone and air-gapped systems
  • Classified enclaves and secure processing environments
  • Hybrid cloud (Gov Cloud / Azure Government where authorized)
• Implement Zero Trust architecture and least privilege principles

• Administer and harden Microsoft Windows Server (2016/2019/2022)
• Manage Active Directory:
  • Group Policy (GPO) enforcement
  • Privileged access control and auditing
• Administer and secure Red Hat Enterprise Linux (RHEL 7/8/9)
• Implement:
  • Patch management (WSUS, SCCM, yum/dnf)
  • System auditing and logging (Event Logs, auditd)
  • Secure authentication mechanisms

• Implement Multi-Factor Authentication (MFA) across enterprise systems
• Enforce identity governance, least privilege, and account lifecycle management
• Support CAC/PIV authentication and enterprise identity integration

• Architect secure network environments:
  • VLAN segmentation and boundary protection
  • Firewalls, VPNs, IDS/IPS
• Monitor network activity and respond to security events
• Enforce secure data flows across classification boundaries

• Deploy endpoint protection and EDR solutions
• Conduct vulnerability scanning (ACAS/Nessus) and remediate findings
  
  Implement file integrity monitoring and configuration control
• Maintain secure configurations across all systems

• Design and operate air-gapped systems for classified and sensitive workloads
• Implement controlled data transfer solutions:
  • Media scanning and sanitization
  • Manual review processes
  • One-way transfer mechanisms (data diodes where applicable)
• Maintain compliance without reliance on external connectivity

• Conduct risk assessments and continuous monitoring
• Support incident detection, response, and forensic analysis
• Maintain system readiness for ATO and re-accreditation

• Maintain complete audit-ready documentation and evidence repositories
• Provide artifacts for CMMC and RMF audits
• Interface with auditors, security teams, and government stakeholders