Cyber Security Engineer

Overview

A Rampant Technologies Cybersecurity Engineer (CSE) is a key resource on the Rampant team reporting to the Principal Engineer overseeing the CSE team to deliver innovative Cyber Security solutions aligned with the company’s goals. The CSE is a subject-matter expert on problem identification, diagnosis, and resolution, and develops best practices for processes and standards to improve the system.

• Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and apply configuration updates to comply with security requirements.
• Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.
• Hardening of operations systems, COTS and open-source products.
• Validate best practices in penetration testing, configuration analysis, and security assessments.
• Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing; generate and maintain security accreditation artifacts associated with the RMF process, including Security Requirements Traceability Matrix, and perform timely updates in the accreditation database.
• Provide technical guidance focused on information security architecture.

• Minimum eight (3) years’ relevant experience as a Cybersecurity Engineer in programs and contracts of similar scope, type, and complexity; ideally three (3+) years of direct experience in the same role.
• Techno-functional knowledge of/experience with:
• Execution of the A&A process in accordance with government requirements (e.g., ICD-503).
• Information systems security and continuous monitoring practices and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
• DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and related assessment criteria.
• Integrity, availability, authentication, and non-repudiation concepts; IT security principles and methods (firewalls, DMZs, encryption).
• Network access and identity management (e.g., PKI); security system design tools and techniques.
• Knowledge of DoD/IC system security control requirements and relevant laws, policies, and governance related to critical infrastructure.
• Management best practices for Windows and Linux OS, known vulnerabilities, and continuous monitoring per NIST SP 800-137 with automation where applicable.
• Virtualization technologies (e.g., VMware, Docker); OSI model understanding and network protocol knowledge.
• Ability to apply DoD/IC security controls, XACTA and SNOW tools, and security testing tools (including ACAS).
• Proficiency with Microsoft Office Suite (e.g., Project, Visio).

• Active TS/SCI w/ Poly clearance required; certification compliant with DoD 8570 IAM or IAT level 3, or obtain certification within 6 months of hire and maintain it during employment.
• IAT Level II Certifications (Security+ or equivalent).