Cyber Security Engineer III for Human Resources Research Organization (location and salary not disclosed) STIG

November 13, 2023

The Human Resources Research Organization (HumRRO) is a non-profit leader in applied research, evaluation, and analytics in the arenas of employment, student, and military testing, and professional credentialing and licensing. We work with federal and state government agencies, private sector organizations, and professional associations.

About the Organization
As a non-profit, HumRRO is dedicated to work that contributes to science and society. Our employees enjoy a highly collaborative and supportive environment that fosters innovation, ethical practice, and outstanding customer service. Our core operational staff includes Behavioral Science and Educational Research professionals. We are committed to supporting a diverse workforce and to practicing equity and inclusion for all staff.

About the Job
Individual experienced in Information Assurance (IA) and Cyber Security to be part of a DevOps team supporting computerized testing projects. Your role will consist of performing Risk Management Framework (RMF) support for DoD IT systems by conducting risk assessments and developing RMF package components and test plans, providing guidance and documentation on cyber security technologies, best practices, policies and procedures. Other tasks include maintenance and technical reviews of IA security processes assuring DoD and DISA requirements for attaining ATO, IATT, and IATO, continuous RMF activities, annual control assessments, monitoring POA&Ms, MFRs, and IA artifacts, creating and updating security documentation, and developing mitigations for maintaining compliance.

Minimum Technical Qualifications:

  • Bachelor's or Master's degree in Computer Science or equivalent IT work experience.
  • CCSP, CISSP, Security+ certification, DoD clearance.
  • Familiarity with DISA standards, enterprise level work with security policies, network administration and support within AWS GovCloud.
  • In depth operational knowledge of IA controls and secure configurations with proficiency using ACAS, HBSS, and IAVM reporting.
  • Analyzing system configuration per DISA STIG using STIGviewer and SCAP to mitigate security vulnerabilities.
  • Exceptional skills responding to IAVAs as necessary to address systems vulnerabilities and remediating findings in FISMA and DIACAP audit reports.
  • Review proposed new systems, networks, and software designs and concepts for potential security risks, recommend mitigations or countermeasures and resolve integration issues.
  • Proficient with eMASS package development.
  • Detailed knowledge of Federal and DoD directives including RMF and DIACAP and ensuring these security policies, standards, and procedures are enforced.
  • Strong knowledge of RMF/NIST and Assessment Authorization processes.

Preferred Qualifications:

  • Minimum 5 years experience working with IA, Cyber Security, network operations, and detailed knowledge of DoD operations, divisions and personnel.
  • Understanding IA security requirements in obtaining ATOs, IATTs, and IATOs.
  • Assist in writing and updating of IA documentation supporting RMF accreditation through eMASS.
  • Evaluating risks associated with extended network boundaries and data migrations to a cloud environment.
  • Must be able to work independently taking high level directions and putting solutions in place.
  • Fast learner, ability in researching and picking up new technologies and skills.
  • Strong interpersonal skills and ability working with cross-functional teams including systems owners, government managers, and other stakeholders to manage cyber security requirements.
  • Some onsite travel to client locations.
  • Familiarity with Atlassian Confluence and Jira.
  • Excellent written and verbal communication skills establishing and maintaining effective relationships with employees, clients and partners.

For more info.: