Company: SAIC
Location: San Diego, CA
Career Level: Director
Industries: Technology, Software, IT, Electronics

Description

 SAIC is seeking a Principal Cybersecurity Engineer to support our strategic communications programs within the Department of Defense (DoD). This position is part of an essential team dedicated to the sustainment and enhancement of critical Navy communication systems, including associated operational environments (OE). As part of this role, you will lead the development, implementation, and sustainment of robust cybersecurity practices aligned with Risk Management Framework (RMF) requirements and DoD/DoN cybersecurity policies.

In this role, you will collaborate with multidisciplinary teams, including engineers, program managers, and government personnel, to ensure mission-critical systems achieve and maintain compliance with Authority to Operate (ATO) and continuous monitoring requirements. You will contribute as a key technical leader, working in a dynamic, fast-paced environment where innovation and attention to detail are highly valued.

This opportunity is well-suited for an experienced cybersecurity professional who thrives in complex environments and has a strong background in RMF, vulnerability management, configuration monitoring, and accreditation processes.

ON-SITE role in San Diego, CA. Must be local to the area.

 

JOB DUTIES:

  • Cybersecurity Compliance and RMF Activities:

    • Propose, coordinate, implement, and enforce all DoD/DoN cybersecurity policies, standards, and methodologies for the operational environment (OE), software applications, and government test tools.

    • Perform risk assessments in support of RMF lifecycle activities and implement continuous monitoring plans to sustain ATO.

    • Assist with annual security reviews, re-authorizations, and compliance with ATO stipulations.

  • Vulnerability Management and Mitigation:

    • Conduct vulnerability assessments using tools such as ACAS, SCAP, and other automated tools to ensure compliance with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).

    • Develop and update cybersecurity baselines, including monthly security patching, system lockdowns, and configuration updates.

    • Conduct independent cybersecurity scans and audits to verify the security posture of systems before and after new configurations are implemented.

  • Baseline Development and Testing:

    • Develop Cybersecurity Baseline Test Plans (CSBTP) and Cybersecurity Baseline Test Reports (CSBTR) to document critical patching activities and ensure tested functionality.

    • Identify and mitigate security vulnerabilities or programming flaws that could be exploited to compromise system integrity or availability.

    • Support the development of test plans and associated documentation (CDRLs) for delivery to Configuration Management (CM) managers and stakeholders.

  • Stakeholder Collaboration:

    • Collaborate with CS teams to resolve findings and integrate RMF requirements throughout the system lifecycle.

    • Provide technical leadership to other cyber staff, ensuring cohesive execution of cybersecurity efforts and compliance with emerging DoD directives.

    • Prepare and deliver documentation—including monthly vulnerability scan reports, risk mitigation strategies, and policy updates—to government stakeholders to achieve mission milestones.

  • Process Improvement and Innovation:

    • Identify and refine cybersecurity processes to ensure sustainment of the OE, software applications, supporting tools, and infrastructure.

    • Enhance early detection mechanisms by incorporating automated benchmarks and efficient review processes for baseline updates.

    • Develop innovative solutions for emerging cybersecurity requirements within DoD/DoN frameworks.

Qualifications

REQUIREMENTS:

  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, or a related technical discipline and nine (9) years or more experience in Information Assurance, Cybersecurity Engineering, or a related discipline; Master's degree in Cybersecurity, Computer Science, or Engineering with an emphasis on cybersecurity and seven (7) years or more experience. Equivalent work experience may be considered in lieu of a degree.

  • 5+ years of hands‑on experience designing, implementing, or supporting hardened IT systems in classified or high‑security environments

  • Must be a U.S. Citizen

  • Must have an Active Secret clearance to start

  • Must be able to obtain a Top Secret clearance after start

  • Proven work with air‑gap architectures, data diodes, and secure offline transfer mechanisms.

  • Extensive knowledge of RMF and ATO processes, including experience in creating, reviewing, and managing RMF documentation (SSPs, POA&Ms, Security Assessment Plans).

  • Experience with DoD vulnerability scanning tools (e.g., ACAS, Nessus, SCAP) and compliance with DoD standards, such as DISA STIGs.

  • Strong understanding of security baselining, secure configuration management, and continuous monitoring practices.

    • Strong scripting/programming skills (Python, Bash, PowerShell, C/C++).

    • Experience with hardware security modules (HSM), TPM, and PKI implementation.

    • Familiarity with virtualization/containers in secure contexts (VMware ESXi, Hyper‑V, Docker with hardened builds).

  • Proven experience in resolving critical security vulnerabilities and supporting accreditation/re-accreditation activities.

  • IAM Level II or III certification in accordance with DoD 8570.01-M (e.g., CISSP, CAP, or CISM).

DESIRED SKILLS:

  • 10+ years of experience supporting DoD/DoN programs, particularly for Navy-focused platforms.

  • Hands-on experience with NIWC Pacific or Navy organizations.

  • Familiarity with National Information Assurance Partnership (NIAP) and Common Criteria technologies.

  • Expertise in drafting and implementing Security Technical Implementation Guides (STIGs) for custom applications.

  • Experience working with Configuration Management (CM) teams to manage software artifact delivery.

  • Strong analytical and communication skills to interact with multidisciplinary teams and senior leadership effectively.

 


Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

