Cyber Security Engineer (Top Secret Cleared) (Fort George G. Meade)

Job Title : Sr. Cybersecurity Engineer (Top Secret Cleared)

Location : Fort Meade, MD (onsite)

Duration : 6 month contract-to-hire

Pay Range : $55-60 / hr. with $125,000 conversion salary at 6 months

Summary :

The Sr. Cybersecurity Engineer will be responsible for performing analysis, conducting independent validations of assessments, and Continuous Monitoring (ConMon) for authorized CSPs and CSOs. Individuals in this role must be available to work full-time on-site at Ft. Meade, MD.

Responsibilities :

Conduct cybersecurity assessments and validations of Cloud Service Offerings (CSOs) in support of the Department of Defense (DoD) Provisional Authorization (PA) process.

Evaluate Cloud Service Provider (CSP) documentation packages following government guidance and procedures, including key artifacts such as the Cloud Architecture Diagram, System Security Plan (SSP), SSP Addendum, Readiness Assessment Report (RAR), System Architecture, Security Assessment Plan (SAP), Security Assessment Report (SAR), and associated Plans of Action & Milestones (POA&Ms).

Review, analyze, and process additional documents including Change Requests, Extension Requests, Deviation Requests, Whitelist Requests, Corrective Action Plans, templates, process guide approvals, and continuous monitoring (ConMon) artifacts for existing Provisional Authorizations.

Prepare and deliver up to 30 Cloud Security Assessment Packages annually, each including validated cybersecurity controls, certifier recommendations, and a statement of residual risk.

Participate in technical kickoff meetings and review preliminary documentation to assess a CSPs readiness posture.

Analyze and provide detailed feedback on CSP submissions such as the RAR, SAP, SSP, and architectural diagrams.

Assess and document the operational impact of authorizations, changes, and vulnerabilities on the CSP environment.

Develop Cloud Security Assessment Packages in accordance with established guidelines, including the SAR, POA&M, and any Deviation Requests.

Draft Authorization Recommendation Memoranda outlining CSO compliance with DoD cybersecurity controls, residual risks, and technical findings.

Prepare formal DoD Provisional Authorization memoranda, detailing authorization length, CSO boundary, services provided, operating conditions, DoD usage considerations, and follow-on activities.

Validate CSO controls within eMASS or other government-provided Governance, Risk, and Compliance (GRC) tools; ensure accurate tracking in the Mission Status Report (MSR).

Review and verify the Customer Responsibility Matrix (CRM), ensuring proper control inheritance is reflected in eMASS / GRC systems.

Upload authorization conditions as system-level POA&Ms in eMASS and monitor their resolution.

Organize and associate all received documentation with applicable security controls within eMASS.

Maintain and update the DoD Cloud Process Guide, including all checklists, templates, forms, and guidance documents.

Assist in developing internal requirements and how-to guides for assessors conducting CSP validations.

Document and refine assessment procedures and validation best practices to align with DoDI 8510.01 and the DoD Cloud Computing Security Requirements Guide (SRG).

Contribute to the ongoing development and annual updates of the DoD Cloud Assessment Process Guides as requested by the Government.

Qualifications :

Bachelor's degree (IT-related field preferred).

Eight (8) years of overall experience in cybersecurity or network security position.

Have an active DoD Top Secret clearance with SCI eligibility.

DoD 8570 IAM / IA Technical (IAT) Level III certification.

Familiarity with security controls for Azure, AWS, and assorted cloud platforms.

Solid understanding of DoD Risk Management Framework (RMF), DoDI 8510.01, and DoD Cloud Computing Security Requirements Guide (SRG).

Familiarity with security controls for Azure, AWS, and assorted cloud platforms.

Hands-on experience with eMASS or other government-provided GRC tools.

Familiarity with cloud security documentation, including SSPs, SARs, RARs, and POA&Ms.

Ability to analyze complex cloud architectures and provide accurate risk assessments.

Strong technical writing and communication skills to produce security assessment reports and formal recommendations.