Software Systems Engineer - Senior (Cybersecurity)

  • Full-time

Company Description

A3T, a fast growing ISO 27001, 9001, and 20000 certified company, specializes in Defensive Cyber Security Services and Solutions, driven by our customer's mission, and delivering excellent 'A' level talented personnel and an unparalleled customer satisfaction experience.

Join A3T and watch your career soar! A3T is an agile and mature company looking for incredible talent to support the U.S/ Government in many important national security roles.  A3T is looking to bring on an experienced, Secret cleared, Software Systems Engineer – Seniorwith “Next-Level Thinking” who is ready to take their career to a new level with A3T.

Job Description

The successful candidate shall provide cybersecurity analysis and software engineering expertise to support sustainment of DoD cybersecurity and RMF requirements.  The successful Software Systems Engineer will support the effort in strengthening the system development lifecycle, software development lifecycle and configuration management programs.  This includes performing analysis, making recommendations to include tools, develop processes, procedures and templates.   

Formulates and defines specifications for complex operating software programming applications or modifies/maintains complex existing applications using engineering releases and utilities from the manufacturer. Designs, codes, tests, debugs, and documents those programs. Responsible for applications dealing with the overall operating system, such as sophisticated file maintenance routines, large telecommunications networks, computer accounting, and advanced mathematical/scientific software packages. Competent to work at this highest technical level on all phases of software systems programming applications. May have responsibility for the evaluation of new and existing software products. May assist other systems programmers to effectively utilize the system’s technical software.

Duties/Responsibilities:

  • Enhance System Development Life Cycle (SDLC) Program - Evaluate SDLC program, identifying deficiencies and needs for processes, people and tools. 

  • Document analysis results to include strengths and weaknesses in an actionable whitepaper. 

  • Support senior ISSM in developing plan of actions and milestones.

  • Draft new or updates to existing guidance and processes, ensuring robust implementation of cybersecurity, RMF and system security engineering into the SDLC.   

  • Ensure thorough identification of best business practices, sound and secure system development life cycle methods and processes. 

  • Capture proposed SDLC process flows to encompass all phases of the proposed new existence, end to end.

  • Recommend industry tool solutions for conducting, managing, verifying and tracking.  This must be aligned and link back to NIST and DoD security control requirements.   Goal is to allow robust identification, conduct and tracking of system’s daily, monthly, etc. activities, versus external security control testing only.  

  • Align CS requirements with the 8430 SLC management process; identify gaps in current documentation; support 8430 revisions; develop system level forms, templates, and procedures.

  • Ensure robust implementation of applicable NIST and DoD acquisition and engineering standards ensuring build and maintenance of trustworthy and secured systems.

  • Deliver senior level briefing material articulating needs, deficiencies, risks and benefits; 8430 modifications, forms template and procedures.

  • Enhance Software Development life-cycle Program to include Software Assurance - Assess software development lifecycle to include software assurance program, identifying deficiencies and needs for processes, people and tools.

  • Document results in an actionable whitepaper. 

  • Support senior ISSM in developing plan of actions and milestones.

  • Develop senior level briefing material articulating resource needs, deficiencies, risks and benefits. 

  • Draft program level documentation and procedures, ensuring thorough identification of best business practices, sound and secure software development methods and processes, release management, testing/verification methods and continuous monitoring.  All should encompass project specific coding languages such as Oracle PL/SQL, COBOL and JAVA. 

  • Draft new software assurance process flows to include threat modeling, testing and verification, technology needs, roles and responsibilities, personnel alignment, end to end.  MUST include software assurance technology, process recommendations, where possible to allow daily, periodic software assurance processes within a tool, aligned with applicable DoD and RMF requirements.  Goal is to allow robust identification, conduct and tracking of system’s daily, monthly, etc. software assurance activities, versus external security control testing only and leveraging existing project technologies, personnel and processes.

  • Conduct Software assurance, to include release management must blend well in the overall SDLC tasking.

  • Develop Training - Develop and conduct robust training for processes, guidance, templates etc.

Qualifications

Security Clearance:  Secret (Active)

Technical Certifications:  

  • Information Assurance Management (IAM) level III.  Certified Information Systems Security Professional (CISSP) or other Equivalent (e.g. CISM or GLSC) DoD 8570.01-M

Experience:

  • Must have minimum 10 years of experience in cybersecurity.  This includes documentation and system authorization artifacts (System Security Plan, Continuous monitoring plan, Security Assessment Report, Plan of Action and Milestones, Interconnection Security Agreement, Risk Assessment, etc.).

  • The contractor resources supporting this task must have extensive working knowledge in DoD and NIST for SDLC, software assurance, and configuration management utilizing NIST.

  • Must have strong technical writing skills.

  • Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.

  • Able to work under only general direction and be able to independently determine and develop an approach to information system security solutions, only needing review upon completion for adequacy in meeting objectives.

  • Strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.

  • Must have working knowledge of the DoD CS policy requirements set forth in Dodi 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology,” and their successors. Available at http://www.dtic.mil/

Additional Information

We offer a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company paid long and short term disability and life insurance, referral bonuses, certification reimbursement program, 401K matching, etc.

It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.

We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks  and eVerify validation.