Dark Wolf Solutions is seeking an experienced Cybersecurity Engineer with expertise in the Risk Management Framework (RMF) to join our team. This team acts as strategic consultants to the enterprise by evaluating and aligning internal policies with industry-standard security frameworks. The primary objective is to facilitate the enterprise-level ATO processes by developing comprehensive security documentation and evidentiary artifacts for formal leadership review. Beyond initial authorization, the team provides continuous monitoring support and evaluates the security architecture of individual applications to ensure seamless and compliant cloud integration. Candidates must be located physically in the Omaha, NE area or surrounding areas. Key responsibilities may include but are not limited to:
-
- Designing, testing, and implementing secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
- Conducting risk and vulnerability assessment at the network, system and application level.
- Conducting threat modeling exercises.
- Developing and implementing security controls and formulating operational risk mitigations along with assisting in security awareness programs.
- Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- Researching, evaluating and recommending new security tools, techniques, and technologies and introducing them to the enterprise in alignment with IT security strategy.
- Utilizing COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.
- Assisting in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and making recommendations on process tailoring.
- Performing analyses to validate established security requirements and recommending additional security requirements and safeguards.
- Supporting the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
- Periodically conducting a review of each system's audits and monitoring corrective actions until all actions are closed.
- Supporting cyber metrics development, maintenance and reporting.
- Providing briefings to senior staff.
Required Qualifications:
- 3+ years of experience with Framework Compliance & Authorization
- 2+ years of experience with Vulnerability & Risk Remediation
- 2+ years of experience utilizing the Risk Management Framework in support of obtaining a Authority to Operate
- 2+ years of experience with Technical Security Assessment
- 1+ years of experience of IaC and CaC development with Terraform and Ansible
- Proficiency in drafting and auditing System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms) that clearly explain risk to non-technical stakeholders
- Ability to "translate" between the developers (who have the data) and the formal cybersecurity leadership (who needs the data).
- Experience translating technical configurations into "audit-ready" evidence for Governance, Risk, and Compliance (GRC) tools like eMASS or ServiceNow.
- Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.
- Experience with Space Force risk management policies/procedures, to include, Fast Track ATO Handbook & AF Continuous ATO Playbook
- Ability to clearly articulate ideas for executive level consumption
- Ability to use prior experience and knowledge to address new situations; especially during interactions with clients
- Ability to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions
- Must have IAT II Certification
- B.A. or B.S. Information Security, Computer Science or related discipline
- US Citizenship and an active Top Secret Security Clearance
Desired Qualifications:
- Previous experience supporting Department of Defense
- Experience evaluating information security compliance against STIGs
This position will be a hybrid role based out of Omaha. NE. The salary range for this position is estimated to be between 90,000.00 - $110,000.00, commensurate on experience and technical skillset.
We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.
We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.