Cybersecurity Engineer

Dark Wolf Solutions is seeking a Cybersecurity Engineer to conduct independent comprehensive assessments of the security controls employed within an Information technology (IT) system or deployed software to determine the controls’ effectiveness. The Cybersecurity Engineer will perform reviews of security artifacts for system and software authorizations, assessing both the technical and functional adequacy as required for application and software cybersecurity readiness. The Cybersecurity Engineer must have prior experience in assessing tools/applications, systems, and/or enclaves. Additionally, knowledge of network security, technologies, processes, and practices designed for the prevention of damage to, and protection of communications systems, services, and various types of application technologies is desirable. The Cybersecurity Engineer must be knowledgeable and proficient in DevSecOps activities such as scripting/automation, containerization, and continuous monitoring. A successful candidate will have a strong foundational understanding of NIST, DoD, and DAF cybersecurity focused guidance. This position will be based out of San Antonio, TX with hybrid/remote opportunities. Additional responsibilities include:

Key Responsibilities:

• Provide engineering analysis, security recommendations for design implementation/operational execution.
• Perform container and/or network security vulnerability assessments to identify, evaluate and mitigate security risks, threats, and vulnerabilities.
• Develop and review the Certificate to Field (CtF) or Continuous Authorization to Operate (cATO) Body of Evidence (BoE) to meet DoD and Federal directives.
• Monitor security audit and intrusion detection system logs for system and network anomalies.
• Monitor technical controls to ensure the operational integrity of the system and data. 
• Conduct and manage continuous monitoring activities of assigned systems.
• Build automations for continuous monitoring of technical controls.
• Partner with engineers to analyze software, interpret security requirements, and plan effective control implementations.
• Review risk and control matrices and test plans for key controls and determine effectiveness.
• Identify control gaps, review and test the design of existing controls.
• Formulate clear and concise conclusions on internal controls and business process efficiency.
• Recommend and create policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
• Conduct risk and vulnerability assessments of installed information systems to identify vulnerabilities, risks, and protection needs.
• Provide recommendations and reports to the Security Control Assessor (SCA), Authorizing Official (AO), Chief Information Security Officer (CISO).
• Review network and systems design to ensure accuracy.
• Ensure the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services. 

Required Qualifications:

• 5+ years of relevant Cybersecurity experience. 
• 5+ years of experience creating and/or reviewing policy documentation and technical documentation, such as system architecture, ports and protocols, and configuration documentation.
• Cloud Platform experience with at least one service offering from AWS, Azure, or Google Cloud.
• DevSecOps experience (e.g., ArgoCD, Flux, Helm, Terraform, Ansible).
• Scripting/automation experience (e.g., Bash, python or other language).
• Experience with container based application development tools (e.g., Docker, Docker Compose, Kubernetes).
• Knowledge of security scanning tools (e.g., Static Analysis, Dynamic Analysis, etc.).
• Understanding of Continuous Monitoring/Logging tools like Elastic, Fluentbit, Prometheus, Loki and Grafana.
• Familiarity with Sharepoint, JIRA, and Confluence.
• Ability to clearly articulate ideas.
• Strong technical writing abilities to author reports for AO and CISO dissemination.
• Exudes confidence in providing briefings, presentations, and in conducting/guiding meetings with senior leadership and stakeholders.
• Ability to use prior experience and knowledge to address new situations.
• B.A. or B.S. Information Security, Computer Science or related discipline.
• US Citizenship and currently possess a Secret security clearance. 

Desired Qualifications:

• Experience with Fast Track ATO Handbook & AF Continuous ATO Playbook.
• Hands-on eMASS and/or Xacta experience completing full system lifecycle activities.
• Experience with Air Force risk management policies/procedures, to include, DODI 8510.01, AFI 17-101.
• Experience with Cloud Computing Security Requirements Guide (CC SRG).
• Knowledgeable with DoD DevSecOps Fundamentals Playbook.
• Experience with cloud engineering concepts, including automating API interrogation for
  compliance. 

This position is located in San Antonio, TX. 

The estimated salary range for this position is $115,000.00 - $145,000.00, commensurate on experience and technical skillset. 

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
 
 In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.