TWINN is seeking a Cyber Security Project Engineer with experience in systems engineering, application development and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A) of IT systems. The candidate will be directly involved in processing all customer efforts through the various facets of the RMF and A&A process. The candidate will conduct comprehensive cyber assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The candidate will be expected to perform cyber assessments independently, as well as part of a team. The candidate will also provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its operational environment and recommend corrective actions to address identified vulnerabilities.
***** All positions require an Active (TS/SCI) Clearance with a Polygraph to be considered *****
Demonstrated expertise in recommending best practices in security architecture that promotes cost-effective and efficient systems solutions consistent with program objectives and measures of performance.
Demonstrated proficiency in drafting Security Assessment Reports and providing threat analysis based on identified security vulnerabilities discovered during review of security plans, interviews with developers/customers, and assessment of information systems.
Demonstrated proficiency in testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation.
Demonstrated expertise in identifying and applying the appropriate level of recommended remediation to security anomalies or integrity loopholes such as system weaknesses or vulnerabilities.
Demonstrated experience and ability to independently download, install, run, and understand software, including compliance-oriented software for system testing such as WebInspect, AppDetective, RedSeal, Splunk, and Nessus.
Demonstrated experience developing and documenting security evaluation test plans and procedures.
Demonstrated experience working with the Sponsor's Risk Management Framework (RMF), Assessment & Authorization (A&A) process and information assurance.
Demonstrated experience participating in or leading technical exchange meetings and application review boards and documenting action items/results of these events.
Demonstrated experience in penetration testing information systems, to include cloud-based systems and applications.
Bachelor's or Master's degree in a technical field and/or CISSP (or similar certification), CEH, or CHFI certifications.