General Dynamics Mission Systems is a leader in engineering high-technology solutions and services for defense and scientific missions. They are seeking a Cybersecurity Systems Engineer to manage Navy information systems through the full ATO lifecycle and ensure compliance with security controls.
Shepherd multiple Navy information systems through the full ATO lifecycle (Categorize, Select, Implement, Assess, Authorize, Monitor)
Build and maintain authorization package artifacts: SSPs, SAPs, SARs, RARs, POA&Ms, architectural diagrams, HW/SW inventories, and continuous monitoring strategies
Develop, review, and maintain authorization boundary diagrams that clearly delineate system scope, data flows, interconnections, and external interfaces
Assess and validate NIST SP 800-53 security controls; write control satisfaction narratives with enough rigor to withstand SCA/AO scrutiny
Implement and validate STIGs across diverse system components; track findings through resolution or risk acceptance
Conduct vulnerability scans (ACAS/Nessus, SCAP), interpret results, and translate findings into remediation plans and residual risk determinations
Manage POA&M items - creation, milestone tracking, risk characterization, and closure with evidence
Support continuous monitoring including periodic control assessments, ongoing authorization evidence collection, and change-impact analysis
Integrate security assessment activities into DevSecOps CI/CD pipelines where applicable
Qualification
Required
Bachelor's degree in Engineering, or a related Science or Mathematics field, plus 1 year relevant experience; or Master's degree
Experience executing the RMF lifecycle (NIST SP 800-37) from categorization (FIPS 199/CNSSI 1253) through ATO and continuous monitoring
Control Assessment: Knowledge of NIST SP 800-53; ability to assess implementations, write defensible narratives, and identify gaps
STIG Implementation: Experience applying and verifying STIGs across OSes, network devices, databases, and applications using STIG Viewer and SCAP tools
Vulnerability Management: Experience with ACAS/Nessus; ability to interpret results and drive remediation
Documentation: Ability to produce and maintain RMF artifacts (SSPs, SARs, SAPs, RARs, POA&Ms) that satisfy RMF requirements
Stakeholder Communication: Can translate technical findings into risk-informed language for system owners and PMs
Systems Engineering Foundation: Understanding of system architectures, data flows, boundaries, and how security requirements map to implementations
Active Secret clearance (or ability to get one within a reasonable amount of time)
Preferred
Experience with Navy RMF implementation, including Navy-specific overlays, NAVSEA processes, and authorization workflows
Experience with eMASS and VRAM
Experience with DoD cloud authorization (IL4–IL6), FedRAMP reciprocity, or container security (Kubernetes/OpenShift)