Own your opportunity to work alongside federal civilian agencies. Make an impact by providing services that help the government ensure the well being of U.S. citizens.
Job DescriptionAdvance your career while impacting our national security in cyber as a Cybersecurity Engineer at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.
As a Cybersecurity Engineer, the work you’ll do at GDIT will be impactful to the mission of our client, the Division of Federal Systems (DFS) for the Office of Child Support Enforcement (OCSE). You will play a crucial role in:
Conducting and coordinating security reviews and audits of federal and non-federal data exchange partners that access or host OCSE data. Duties include reviewing partner security documentation, performing site audits, ensuring compliance with HHS/ACF and OCSE security requirements, maintaining audit templates, and supporting Federal Agency Redisclosure Site Security Reviews as needed.
Providing security engineering support to the Security Team in responding to external audits. Responsibilities include assisting OCSE staff in preparing audit responses, coordinating with external auditors, and providing documentation and evidence to address audit inquiries and findings.
Providing security engineering expertise and guidance to design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, and HHS/ACF/FPLS security requirements.
Participating in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders.
Participating in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation.
Documenting and track internal POAMs for DFS systems and applications
Assisting in the development and delivery of Security Awareness Training as required.
Providing security engineering support to incident response activities by analyzing and correlating security events, assessing technical impact, implementing corrective and preventive measures, coordinating with site personnel, and ensuring proper collection and preservation of digital evidence for investigations.
Supporting security engineering efforts by integrating information security policies and controls into network and system design, collaborating with the security team to ensure consistent application of information assurance principles, and promoting user awareness and adherence to established security policies and procedures.
Promoting organizational security awareness by integrating sound security principles into strategic goals, researching emerging threats and vulnerabilities, and supporting the publication of security alerts, advisories, and bulletins to keep stakeholders informed and proactive.
Developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
Required Skills:
At least 2 years of professional work experience in a cybersecurity role.
Demonstrated experience and understanding of Information Assurance in the following specialties: Internet and Intranet Applications and Authentication; and Physical, Personnel, Network, Computer, Information, Operational, Administrative, and Communications Security.
Experience handling multiple tasks simultaneously, and the ability to work independently in a high stress environment with an orientation towards customer service.
Strong background in governance, risk, and compliance (GRC), including oversight of security agreements and regulatory recertifications.
Expertise in multi-stakeholder collaboration, partnering with federal, state, and industry entities on providing advisory assistance for data protection and cloud modernization initiatives.
Experience developing and standardizing security assessment frameworks and documentation.
Strategic capability in sustaining enterprise-wide security posture through proactive planning and continuous improvement.
Demonstrated expertise in conducting risk and vulnerability assessments, supporting security audits and compliance reviews, and performing partner/contractor site security assessments
Exceptional written and verbal communication skills; a writing sample will be requested.
Desired Skills:
Security or IT certifications (e.g. CISSP, CISA, etc.)
Knowledge of cloud computing, web application vulnerability scanning tools such as IBM AppScan
Knowledge of the Child Support Enforcement program and system operations.
Experience handling sensitive data sources and distribution of data containing personally identifiable information.