Senior Network Security Engineer
McKean Defense is a Naval Life Cycle Management, Engineering, Enterprise Transformation and Program Management business headquartered in Philadelphia, PA. McKean’s engineers, developers, technical staff, programmers, analysts, and program managers identify and deploy new shipboard technologies, integrate information technology across shipboard platforms, and develop strategies to support the Warfighter. McKean’s employees create strategic solutions to help customers reach new levels of mission support and transform their organizations. McKean Defense is employee owned, and values the life experiences of potential candidates, including those who have served our Military. Currently, 38% of McKean’s employee owner workforce are veterans.
McKean Defense is seeking candidates with Risk Management Framework (RMF) experience. Primary responsibility is to perform tasks related to Assessment & Authorization (A&A) and cyber-security to obtain and maintain Authorizations to Operate for US Navy afloat and ashore systems. Duties and Responsibilities shall include:
a. Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs
b. Developing, updating, and/or reviewing system RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
c. Providing solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
d. Assessing system compliance against NIST, DoD, and Navy security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
e. Coordinating with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
f. Working with system administrators, engineers, and developers to update system/site policies, procedures, and process guides
g. Producing evidence as necessary to support compliance status of NIST, DoD, and Navy security requirements
h. Maintaining awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
i. Attending and participating in regular A&A status meetings to facilitate progress and address potential issues of RMF system efforts
j. Actively participating in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity/RMF policies
Required Skills
Proficiency in the use of Microsoft Office suite of applications
Proficient in basic computer/laptop use, including advanced operations
Basic Technical writing ability
Self-motivated and able to work in a team environment
Ability to obtain Operating System certification or complete approved related training within 180 days of start date.
Knowledge of the fundamental concepts, practices, and procedures associated with industrial control systems preferred.
Required Experience
BS degree and ten (10) years of experience with Cyber-security / Information Technology, or fifteen (15) years of hands-on experience with Cyber-security / Information Technology.
CompTIA Security+ required
CISSP certification preferred
Demonstrated expert-level experience with Risk Management Framework (experience under DoD a plus)
Experience with eMASS
Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
Demonstrated efficiency and experience in the following areas:
RMF package development and management, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, and hardware/software inventories
NIST 800-53 control validation
DISA STIG/SRG validation
RMF policy development and strategy implementation
System/site documentation development to include policies, processes, and SOPs
Experience leading a team through a technical project
Equal Opportunity Employer–minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity.
McKean Defense is an E-Verify company.
Proficiency in the use of Microsoft Office suite of applications
Proficient in basic computer/laptop use, including advanced operations
Basic Technical writing ability
Self-motivated and able to work in a team environment
Ability to obtain Operating System certification or complete approved related training within 180 days of start date.
Knowledge of the fundamental concepts, practices, and procedures associated with industrial control systems preferred.