Cybersecurity Engineer at Base-2 Solutions

Job Description
Base-2 Solutions is seeking a Cyber Security Engineer to assist with the release of a state-of-the-art technology stack under the DOMEX Technology Platform (DTP) contract supporting the OSINT Integration Center (OSIC). Provide technical security expertise across cloud and on-premises infrastructure, leveraging experience with security technologies and industry best practices to implement effective, compliant solutions. Collaborate closely with ISSOs, ISSMs, software engineers, developers, systems engineers, and Government counterparts to perform a full spectrum of cybersecurity engineering tasks and ensure compliance with multiple regulatory frameworks.

Required Skills

• Experience configuring, running, and analyzing vulnerability scans.
• Experience with XACTA, eMASS, or similar tools.
• Familiarity with NIST Special Publications (SP 800-27, 30, 37, 53, 60).
• Experience with CNSS Publication CNSSI 1253.
• Experience with incident response plans, POA&Ms, risk management plans, and vulnerability management plans.
• Strong analytical, communication, problem-solving, and interpersonal skills.
• Experience establishing a System Security Engineering (SSE) management process to integrate security and privacy controls into complex hardware and software systems.

Qualifications

• Bachelor’s degree and 8+ years of experience; additional years may be considered in lieu of a degree.
• Active TS/SCI clearance with the ability to obtain and maintain a Polygraph.
• At least one DoD 8570.01-M IAT Level II or higher certification (e.g., CCNA Security, CySA+, Security+ CE, SSCP, CISSP or Associate).
• One year of experience developing and reviewing security CONOPS, System Security Plans, Risk Assessments, Contingency Plans, and Configuration Management Plans.

Capabilities

• Review and analyze cybersecurity event logs.
• Conduct and review technical cybersecurity assessments.
• Coordinate with security personnel and recommend mitigation strategies.
• Identify points of vulnerability and non-compliance with established cybersecurity standards and regulations.
• Collaborate with the DevSecOps team to analyze scan results and remediate findings.
• Manage and maintain a library of security audit tools and corresponding processes for system testing, internal audits, incident response, and security diagnosis.
• Perform and maintain vulnerability scans using Assured Compliance Assessment Solution (ACAS) and create reports.
• Track and report Information Assurance Vulnerability Management (IAVM) compliance using ACAS.
• Maintain Authorization to Operate (ATO) records in the XACTA system.
• Manage and report Plan of Actions and Milestones (POA&M) compliance.
• Review certification and accreditation (C&A) documentation for completeness and compliance.
• Perform system installation, configuration maintenance, account maintenance, signature maintenance, patch management, and troubleshooting of IA and CND systems.
• Apply system security engineering expertise to system design, engineering life cycle, information domains, cross-domain solutions, cryptography, identification, authentication, authorization, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, and auditing.

Desired Skills

• Software development or coding experience (Python, Java, React).
• Experience with DevSecOps pipelines and tools.
• Experience with database systems, search engines, and web applications.
• Experience in Linux environments (Red Hat, CentOS).
• Experience with big data applications.
• Experience with Jira and Confluence.
• Experience working in an Agile environment.
• Familiarity with NIST SP 800-171.

While most work will be conducted on-site at the client location in Bethesda, MD, a flexible schedule is available, and some tasks may be performed remotely based on client requirements.