Senior Cybersecurity Engineer

Senior Cybersecurity Engineer

Be the Difference

Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, Huntsville, AL and Burlington, MA with an additional 36 locations across the U.S.

Astrion has an exciting opportunity for a Senior Cybersecurity Engineer for the Tenants Contract, supporting the Air Force Division at the Air Force Research Laboratory Munitions Directorate's Integration and Operations Division (AFRL/RWOC) at Eglin AFB, FL.

Astrion is seeking a mission-focused Cybersecurity Engineer to work in tandem with network engineering to secure and defend multiple Science & Technology (S&T) networks-advanced, high-bandwidth, and configurable network supporting the research and development needs of scientists, engineers, and collaborative partners. This role requires a strong understanding of cybersecurity principles, risk management, and secure computing architectures to protect unclassified, collateral, and Special Access Program (SAP) networking environments critical to weapons technology innovation.

The ideal candidate brings expertise in implementing and managing cybersecurity controls, conducting vulnerability assessments, and ensuring compliance with DoD security policies. You will collaborate closely with network engineers to integrate security into network designs, support DevSecOps initiatives, and maintain a robust security posture across isolated and connected enclaves-all while enabling operational excellence and scientific agility.

JOB DETAILS

LOCATION: Eglin AFB, FL

JOB STATUS: Full Time

TRAVEL: None

REQUIRED QUALIFICATIONS / SKILLS

• Education: Master's Degree (in Computer Science, Cybersecurity or a related field). Relevant experience may be substituted for the degree.
• Experience: 10 Years' total experience, at least 8 of which is in cybersecurity engineering, architecture or R&D infrastructure.
• Security Clearance: Secret Clearance. Top Secret Eligible. Eligible for Special Access Program (SAP) access. US Citizenship is required.
• Certifications:

• DoD 8570/8140 IAT Level III (CISSP, CISM, or equivalent).
• Certifications: Security+, CEH, or other relevant security certifications.

• Expert-level knowledge of cybersecurity principles, risk management, and secure computing architectures.
• Hands-on experience with security tools and technologies, such as SIEM, intrusion detection/prevention systems, vulnerability scanners, and endpoint protection solutions. Experience with Host-Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), Nessus, Tenable.sc, Tenable.io, NNM, LCE, Nessus Manager, Agents, and Scanner.
• Experience with scripting (Python, PowerShell) and automation tools (Ansible, Chef).
• Familiarity with Risk Management Framework (RMF), Authority to Operate (ATO) documentation, and enclave compliance management.
• Physically able to lift up to 50 lbs; adaptable to fieldwork and hands-on installations.

RESPONSIBILITIES

Architecture, Design & Innovation

• Collaborate with network engineers to architect secure network topologies for current and future connected and isolated environments, ensuring security is embedded in the design phase.
• Design and deploy security solutions for S&T environments that support continuous research, development, and DevSecOps, working closely with network engineers to implement and maintain these solutions.
• Advise on security planning for long-term initiatives, including SDREN integration and the Weapons Technology Integration Center (WTIC) and other facility projects, in conjunction with network planning efforts.
• Develop security innovation roadmaps aligned with mission goals and emerging technologies, coordinating with network engineers to ensure alignment with network modernization efforts.

Infrastructure & Facilities Integration

• Coordinate with facilities, engineering, and network teams to ensure robust infrastructure supports secure research operations, focusing on the security aspects of network hardware/power/cooling needs and structured cabling.
• Lead security aspects of containerization, virtualization, and orchestration of systems to support laboratory computing, HPC, and edge devices, working with network engineers to implement secure configurations.

Security, DevSecOps & Compliance

• Engineer multiple S&T networks security architecture in compliance with NIST 800-series, DoD RMF, DISA Security Technical Implementation Guides (STIGs), and cybersecurity best practices, collaborating with network engineers to ensure seamless integration. Review engineering, architecture, and designs to ensure DoD security policies are met.
• Implement DevSecOps pipelines to automate security scans and CI/CD deployments, working with network engineers to integrate security into existing pipelines.
• Manage ATO package development and collaborate with ISSMs, network engineers, and cybersecurity stakeholders to ensure compliance. Review and develop RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Integrate identity management and single sign-on solutions across enclaves and hybrid environments, coordinating with network engineers to implement and maintain these solutions. Analyze and tune HBSS policies for assets during integration test events. Perform verification and troubleshooting across all HBSS modules. Install updates to HBSS software as released and in compliance with STIG requirements. Monitor HBSS software to ensure that the clients/servers are operational and reporting properly; test and provide software fixes as needed. Monitor HBSS for any intrusions or rogues.

System Engineering, Virtualization & Cloud Integration

• Deploy and maintain security controls for hybrid cloud services and virtualization platforms (e.g., VMware, AWS, Azure), working with network engineers to ensure secure configurations.
• Design and manage security aspects of storage (SAN, EFS, EBS), automation (Terraform, Packer, Ansible), and orchestration (Kubernetes, Docker) solutions.
• Enable secure connectivity between scientific equipment, cloud resources, and virtual desktops, collaborating with network engineers to implement and maintain these connections.

Monitoring, Tooling & Documentation

• Monitor system and network security performance using SIEM platforms, intrusion detection systems, and custom dashboards, working with network engineers to correlate data and identify security incidents. Monitor Security Information and Event Management (SIEM) and Intrusion Detection and Intrusion Prevention Systems (IDS/IPS) for cloud services.
• Document security architectures, procedures, and system configurations with tools like Lucidchart, Visio, and Confluence, ensuring documentation is aligned with network documentation. Maintain system documentation including the ATO and other applicable documents.

• Provide knowledge transfer, mentorship, and technical guidance to engineers and stakeholders on security-related matters, working with network engineers to provide comprehensive guidance. Install, configure, and maintain multiple ACAS Security Centers (SC) and ACAS scanners. Install updates to Tenable software as released and in compliance with STIG requirements. Deploy, maintain, and tune Tenable scanners to meet current and future needs. Create, deploy, and manage Tenable scan configurations. Ensure that the ACAS scanners and Security Center are operational and reporting properly. Perform security compliance and vulnerability assessments specifically developing and applying STIG or CIS baselines for various operating systems, including Windows or RHEL and CentOS. Perform analysis of ACAS and SCAP scans along with STIG checklist to develop POAMs. Run vulnerability scanning tools, such as Trend Micro, ACAS and other commercial and GOTS.

What We Offer

• Competitive salaries
• Continuing education assistance
• Professional development allotment
• Multiple healthcare benefits packages
• 401K with employer matching
• Competitive time off policy along with a federally recognized holiday schedule

Who We Are

At Astrion, we innovate, elevate, and shape the world of tomorrow. At our core is our purpose to "Be the Difference". This means we encourage our employees to take action and be the driving force for positive change. We foster an environment where innovative solutions flourish, and our company continuously evolves.

We have a culture of care, empathy, and making a tangible difference within our organization and communities. We embrace continuous learning, growth, and innovation, and pushing the boundaries of what's possible. We promote collaboration and empowering our teams is at the core of our success.

Be the Difference

Astrion offers comprehensive services that boost preparedness, optimize performance, and ensure success across various domains, from Cyber to Digital, Mission and Systems, servicing our nation's Civilian, Defense and Space communities. We support customers with Centers of Excellence in Washington DC, and Huntsville, AL with an additional 36 locations across the U.S.

Join Astrion and Be the Difference in your career and the world!

Astrion is an Equal Employment Opportunity Employer. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

#CJ

"TENANTS"

#FloridaJobs
#LI-LP1