B

Cybersecurity Engineer

Broadleaf Services
Full-time
On-site
Manassas, Virginia, United States
Cyber Security

Job Details

VA Corp - Manassas, VA
Full Time
4 Year Degree
Government - Federal

Description

Contingent Upon Contract Award

 

Are you a talented cybersecurity professional passionate about security and cloud technologies and interested in supporting DoD?  Join our team in supporting our customers as a cybersecurity engineer.  This is an exciting opportunity to apply your security expertise while contributing to high-impact projects in a fast-paced, collaborative environment. If you thrive on problem-solving, innovation, and working with cutting-edge technologies, this role is for you!


The Cybersecurity Engineer is to be responsible for implementing security controls, performing vulnerability assessments, managing RMF compliance, and ensuring cybersecurity readiness across multiple DoD installations. This role requires hands-on experience with security hardening, ACAS vulnerability scanning, DISA STIG/SRG compliance, and patch management. The ideal candidate will work closely with government stakeholders, cybersecurity leads, and compliance teams to maintain Authority to Operate (ATO) and protect mission-critical systems.

 

  • Perform quarterly ACAS vulnerability scans, STIG assessments, and remediation tracking.
  • Apply, validate, and maintain DISA STIG/SRG compliance across multiple systems and networks.
  • Support Risk Management Framework (RMF) implementation and ATO sustainment for DoD IT environments.
  • Conduct patch management, firmware updates, and system hardening in accordance with DoD cybersecurity policies.
  • Analyze vulnerability scan results, document findings, and support risk mitigation strategies.
  • Assist in incident response, forensic investigations, and security monitoring.
  • Ensure compliance with DoD 8500.01, DoD 8510.01 (RMF for DoD IT), and NIST 800-53.
  • Implement security baselines for Windows, Linux, network devices, and cloud environments.
  • Maintain cybersecurity documentation, audit logs, and compliance reports for leadership and government officials

Qualifications

Education:

  • 2 years of higher education required.  Bachelor’s in computer science, Cybersecurity or related field preferred. 
  • IAT Level II Certification (Required) (e.g., Security+, CySA+, CASP+, GSEC, CND).
  • Strong knowledge of DoD RMF (NIST 800-53, DoDI 8500.01, DoDI 8510.01) and Army Cybersecurity (AR 25-2).
  • Hands-on experience conducting ACAS vulnerability scans, STIG compliance assessments, and RMF security documentation.
  • Familiarity with incident response methodologies, SIEM platforms, and forensic tools.
  • Strong understanding of network security, endpoint protection, and identity & access management.

Experience:  

  • 3-5 years of experience in cybersecurity operations, vulnerability management, and RMF compliance within a DoD or federal environment.
  • Hands-on experience with ACAS scanning, STIG compliance, and patch management.
  • Strong understanding of Windows/Linux system security, network security, and DoD cloud security policies.
  • Experience supporting ATO package development and security documentation.
  • Familiarity with cloud security (Azure GovCloud, AWS GovCloud, or other FedRAMP-compliant environments).
  • Experience working in classified and unclassified DoD environments is a plus.  

Technical Skills:  

  • Risk Management Framework (RMF), ATO Sustainment, NIST 800-53 controls.
  • DISA STIGs, ACAS scanning & remediation, SCAP validation.
  • SIEM, log aggregation, and threat intelligence monitoring (Splunk, ELK Stack, QRadar).
  • Network security, firewalls, and endpoint protection tools (HBSS, CrowdStrike, Microsoft Defender).
  • Cloud security compliance (Azure Security, AWS Security, FedRAMP).
  • Power BI & Power Automate for security compliance reporting automation.
  • Identity & Access Management (IAM), PKI, Multi-Factor Authentication (MFA).  

Security Clearance: Must be a U.S. Citizen and possess an Active Secret Clearance (Required).

Preferred Certifications:

  • IAT Level II (Required: Security+, CySA+, CASP+, GSEC, or equivalent)

Advanced Certifications:

  • oCEH, PenTest+, OSCP, or GIAC (Offensive Security Focus)
  • oCCSP, AWS/Azure Security Specialty (Cloud Security)
  • oSplunk Certified Analyst (SIEM Operations)
  • oCertified Incident Handler (GCIH, ECIH)

 

Equal Opportunity Employer, including veterans and individuals with disabilities
 

Apply now
Share this job
Twitter Facebook Linkedin Email