Cybersecurity Engineer

Description: We are seeking a highly skilled and multi-faceted Cyber Engineer for a critical contract role supporting Google's SIPRNet enclave. The ideal candidate is a proactive and seasoned professional with extensive, hands-on experience navigating Red Hat Linux, the NIST 800-53 Risk Management Framework (RMF) control requirements, and Security Operations for a classified network in a unique commercial cloud setting. This role requires a blend of technical engineering prowess to provide Security Operations support as well as a deep understanding of continuous monitoring control requirements to prepare for security assessments and auditing. You will be a key contributor to our SIPR Enclave team, supporting the SIPR Enclave Lead in RMF activities and the Senior Cyber Engineer in security operations support. 

Timeframe:  

• Start - 1/1/2026 

• End - 12/31/2026 

• Renewal Cycle - Annual 

Investigation/Clearance Level:  

• Must possess a current and active Top Secret (Sensitive Compartmented Information [SCI] eligibility).  

Location: Onsite at the classified operations center in McLean, VA. 

Duties:   

From a Security Operations perspective, as directed by the Senior Cyber Engineer, the Engineer -  

• Configure and update the Linux operating systems. 

• Red Hat 

• Debian 

• Monitors the following security applications: 

• Scanning implementation (Tenable.sc, SCC Tool) 

• SIEM implementation (Splunk) 

• Endpoint security implementation (Trellix) 

• Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g., for Tenable plugins), etc. 

• For the SIEM: 

• Ensure security systems are up to date and implemented. 

• Validate the telemetry from the hosts and security applications are forwarded to the SIEM. 

• Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories. 

• Triages all alerts from the SIEM to ensure activity in the environment is authorized. 

• Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan. 

• For scanning/STIGs: 

• Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate. 

• Reviews the scans to confirm correct, actionable data is generated to support the patching activities. 

• Reviews STIG results and supports the team in implementing corrective action as applicable. 

• For endpoint management: 

• Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied. 

• Triages all alerts from the tool to ensure activity in the environment is authorized. 

• For insider threat monitoring: 

• Ensures deployment of tool and related modules are performing as intended. 

• Monitors aggregate user data as directed. 

• Designs, develops, tests, and evaluates information system security throughout the systems development life cycle. 

From a RMF perspective, as directed by the SIPR Enclave Lead -  

• Supports maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring. 

• Supports control implementation statement updates, documentation development for plans or procedures, artifact identification for assessments, and body of evidence generation. 

• Supports POAM mitigation and/or remediation activities. 

Required Qualifications: 

• Education: BA/BS Degree or equivalent experience in lieu of degree 

• Experience: 8+ years of related experience 

• Technical skills:  

• Hands-on experience with Red Hat operating system. 

• Understanding of various Linux operating systems. 

• Understanding of security operations of Splunk and Trellix. 

• Understanding of Microsoft Active Directory and implementing controls via Group Policy. 

• Role requirements: Knowledge of the complete NIST SP 800 series (especially 800-37, 800-53, 800-30) and risk management principles. 

• Certifications: Must be DoD 8140 / 8570.01-M compliant (e.g., including but not limited to Security+) 

Preferred Qualifications: 

• Hands-on experience with security operations of Teramind. 

• Hands-on experience with Tenable.sc. 

• 5 days onsite McLean, VA