I am...

We are seeking an experienced Security Engineer to join our dynamic cybersecurity team at Crescent Energy. As a Senior Security Engineer, you will play a crucial role in safeguarding our organization's digital assets, infrastructure, and data from security threats and vulnerabilities. This is a hands-on technical role that requires a deep understanding of cybersecurity best practices, threat detection and mitigation, and a strong commitment to keeping our systems secure.

• Security Architecture: Collaborate with cross-functional teams to design and implement robust security solutions, ensuring the confidentiality, integrity, and availability of our systems and data.
• Vulnerability Management: Conduct regular security assessments, vulnerability scans, and penetration testing to identify and address security weaknesses.
• Incident Response: Collaborate with team on incident response efforts, including investigating security incidents, coordinating with relevant stakeholders, and implementing remediation measures.
• Security Awareness: Promote a culture of security awareness throughout the organization by conducting training sessions, creating awareness campaigns, and keeping the team updated on emerging threats.
• Security Policies and Procedures: Assist with development and enforcement of security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Security Monitoring: Assist with implementing and managing security monitoring tools and systems to detect and respond to security incidents in real-time.
• Security Research: Stay up to date with the latest security trends, SEC requirements, vulnerabilities, and technologies to continuously improve the organization's security posture.
• Collaboration: Collaborate with IT/OT teams, DevOps, and other stakeholders to integrate security into the development and deployment processes.
• Afterhours: After hours availability required as needed.

Required Qualifications:

• Experience with security technologies
• In-depth knowledge of network security, endpoint security, and cloud security.
• Excellent communication and interpersonal skills, with the ability to work effectively in a team environment.
• Strong understanding of security compliance standards such as NIST, or CIS.
• Strong problem-solving skills and the ability to make decisions under pressure.
• Bachelor’s degree in computer science, Information Security, or a related field.
• Proven experience in a Senior Security Engineer or similar role with at least 8 years of hands-on experience in cybersecurity.
• Experience with security assessment tools, penetration testing, and vulnerability management.

​

Preferred Qualifications:

• Master's degree or relevant certifications (e.g., CISSP, CISM, CEH) is preferred.

NA

Who are we?

Stanley Reid is your trusted matchmaker, connecting you with top contractors and exciting IC/DoD opportunities. Founded by experts in the field, we go beyond just finding jobs. We prioritize personalized guidance, matching your unique skills and goals to the perfect fit. Looking for a stress-free job search? We got you. Let's chat and unlock your career potential!

​

Our client:

Driven by mission and dedicated to service, our client has been securing the US and its allies for over 20 years. Founded in 1999 and led by an engineer, they offer meaningful work across diverse areas like software development, systems engineering, test & analysis, and cybersecurity. You can expect fulfilling work with national security impact and opportunities for growth through their broad portfolio of work, including several PRIME contracts. They have fostered a culture of well-being by supporting the physical, mental, social, and financial health of their employees with their competitive compensation and benefits. Significant investment in professional development and openness to using cutting-edge technologies have created consistent growth and strong employee retention. If you're looking to contribute to critical missions within a super-technical and supportive environment, our client might be the right fit for you.

• Implementing and overseeing security measures
• Ensuring compliance with industry standards
• Leading a team of security professionals
• Developing and enforcing security policies
• Responding to security incidents
• Managing security risks
• Ensuring compliance with industry standards

Required Qualifications

• BS in Computer Science, IT Engineering, or related field and 12+ years of experience in IT security
• Strong leadership and communication skills and in-depth knowledge of security tools, technologies, and industry best practices
• Advanced security certifications:-- IAT III (CISA, CISSP, GSE, SCNA, or GCIH)-- IAM I (GISF, GSLC, Security+, or CAP)-- IAT I (GSEC, Security+, or SSCP)

​

Preferred Qualifications

NA

Clearance requirement: TS/SCI with FS Polygraph (no clearance upgrades or CCAs). Please note, you MUST have the required clearance for consideration.

​

Location: Contractor SCIF in Annapolis Junction, MD

​

Apply @ https://careers.stanleyreid.com/, or contact our MD team for more info: mwhitford@stanleyreid.com, asmith@stanleyreid.com.

​

We look forward to exploring opportunities with you!

Summary Information about the Role

• Job Title: Cybersecurity Systems Analyst, Intermediate
• Job Level: Experienced
• Location: MacDill AFB - Tampa, FL
• Position Type: Full Time
• Education Level: 4 Year Degree
• Travel Percentage: None
• Job Shift: Day

​

Company Overview

• Seeking a Cybersecurity Systems Analyst, Intermediate, to work at MacDill AFB. A United States Citizenship and an active TS/SCI DoD Security Clearance is required to be considered for this position.
• Performs assessment and authorization coordination. Advises and assists the customer with Risk Management Framework (RMF) and develops a Plan of Action and Milestones for resolving network deficiencies in accordance with DODI 8510.01 and ICD 503. The duties of this task include assessing network compliance against controls listed in NIST 800-53 and creating A & A packages. Performs assessment, compliance, and validation of IT systems to support the Cybersecurity program at USSOCOM, its Component Commands, TSOCs, and deployed forces. The Contractor shall execute a comprehensive assessment, compliance and validation of customer networks to ensure compliance with regulations and security and standards. The end goal is to ensure the integrity of customer systems by identifying and mitigating potential shortcomings and vulnerabilities. Advise USSOCOM, its Component Commands, TSOCs, and deployed forces on network and system risks, risk mitigation courses of action, and operational. Additionally, the Cybersecurity Systems Analyst should be able to perform security evaluations and vulnerability assessments using the DOD Assured Compliance Assessment Solution (ACAS), Nessus vulnerability scanning tool and Security Content Automation Protocol tool. Identify applicable STIGs and perform assessments using the Security Content Automation Protocol tool. The Cybersecurity Systems Analyst will liaison with network and system administrators to correct identified deficiencies. The Cybersecurity Systems Analyst will also scan (or review scans) for new systems and applications being introduced into the SOF environment, identify issues, and draft certification letters for the government. The contractor will liaison with the Site Integration Facility (SIF) to ensure systems and application meet the standards in the DISA Security Technical Implementation Guides (STIG). The Cybersecurity Systems analyst should be knowledgeable of cyber network defense tools such as end point security, SIEM, comply to connect, etc.

• Tracks A & A status of SIE governed ISs. Ensures these artifacts and documentation are available in the USSOCOM-chosen automated tool.
• Advises stakeholders on the adequacy of implementation of cybersecurity requirements.
• Provide DoD & IC RMF subject matter expertise to USSOCOM, its Component Commands, TSOCs, deployed forces and their delegates, including other Contractors, and assist with the development and execution of the RMF program at USSOCOM, its Component Commands, TSOCs, and deployed forces.
• Maintain, track, and validate DISN, cloud and DIA connection approval packages, including those from USSOCOM, its Component Commands, TSOCs, and other subordinate organizations.
• Develop and maintain supporting documentation for new and existing networks, cloud environments, information systems and technologies as they are introduced into the SIE.
• Develop and review the A & A of SIE networks, cloud environments, systems, services, telecommunication circuits, mobile devices, portable electronic devices, hardware, and software using the DoD & IC RMF to obtain an Authority to Operate (ATO), Interim Authority to Test (IATT), or Authority to Connect (ATC).
• Perform risk and vulnerability assessments of IT and IS for authorization; prepare risk assessment reports for submission to the SCA and Authorizing Official/Designated Authorizing Official/Designated Accrediting Authority (AO/DAO/DAA) in accordance with DoD, DIA, USCYBERCOM, USSOCOM, Component Command, TSOC, and deployed forces’ policies, procedures, and regulations.
• Assist USSOCOM, its Component Commands, TSOCs and deployed forces with the enforcement of A & A, as well as DoD, DIA, USSOCOM, Component Command, TSOC, and deployed forces’ connection standards for networks and systems.
• Track and maintain A & A databases, web sites and tools to ensure that networks, systems and devices are properly documented and managed from a cybersecurity perspective.
• Track and report to higher headquarters organizations (e.g. USCYBERCOM, DIA) compliance with applicable Cybersecurity regulations and directives.
• Ensure timely notifications are made to responsible individuals and organizations in order to prevent lapses in accreditations (e.g., 30, 60, and 90 day notices).
• Develop and maintain an Information Security Continuous Monitoring (ISCM) Plan. This plan shall address ongoing awareness of information security, vulnerabilities, security controls, and threats to support organizational risk management decisions.
• Identify, assess, and advise on cybersecurity control compliance and associated risks.
• Coordinate with USCYBERCOM, DoD, DIA, NSA, DISA, and subordinate organizations to support the resolution of issues with security, A & A, connection approvals, and waiver requests.
• Perform network, cloud, information systems, hardware, software and device security authorization and assessments, as well as the application and execution of policy, including project management support services.
• Validate the patching of systems, perform validation scanning, develop Plans of Action & Milestone (POA&Ms), and report as directed by applicable policies, procedures, and regulations.
• Provide subject matter expertise for COA development and the implementation of Cybersecurity mitigation strategies.
• Develop and implement required processes, procedures, and capabilities to mitigate vulnerabilities and weaknesses for software and hardware deployment.
• Identify, implement and validate continued effectiveness of key performance parameters and applied security measures.
• Perform analytics on cybersecurity posture and provide reports to the AO/DAO and applicable stakeholders as required per ISCM and AO/DAO direction.

Required Qualifications:

• 5+ years of progressive, relevant experience or equivalent combination of education and experience.
• Working knowledge of the RMF.
• Must have excellent communications skill (written and oral) and interpersonal skills.
• Knowledge and experience with DoD IA processes and policies (e.g., DODI 8510.01, NIST, CNSS and other cybersecurity policies, Chairman of the Joint Chiefs of Staff Manual (CJCSM) 65101.01, Incident Response and other IA policies).
• BA/BS Degree
• IAM Level II
• Active TS/SCI clearance is required.
• Must be a US Citizen and pass a background check.

​

Preferred Qualifications:

• Experience with the US Combatant Commands (USCENTCOM/USSOCOM) is desired.
• Technical background with system administration experience, architecture and engineering preferred.
• Technical background in networking, identity management, Microsoft and Linux operating systems, database, and mobility.
• Knowledge of the Telos Xacta or Enterprise Mission Assurance Support Services (eMASS) system is desired.

NA