Own Your Future.
Modern Technology Solutions, Inc. (MTSI), is seeking a Cyber Security Engineer in Huntsville, AL.
Why is MTSI known as a Great Place to Work?
- Interesting Work: Our co-workers support some of the most important and critical programs to our national defense and security.
- Values: Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry.
- 100% Employee Ownership: we have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year.
- Great Benefits - Most Full-Time Staff Are Eligible for:
- Starting PTO accrual of 20 days PTO/year + 10 holidays/year
- Flexible schedules
- 6% 401k match with immediate vesting
- Semi-annual bonus eligibility (July and December)
- Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement account
- Up to $10,000 in annual tuition reimbursement
- Other company funded benefits, like life and disability insurance
- Optional zero deductible Blue Cross/Blue Shield health insurance plan
- Track Record of Success: We have grown every year since our founding in 1993
Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance.
MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.
For more information about MTSI, please visit www.mtsi-va.com.
Responsibilities
The Cyber Security, historically known as Information Assurance (IA), teams daily activities include
performing System Administration (SA) and Cybersecurity duties for a government lab, and ssessment
of any means by which an adversary can penetrate a system, network or enclave. The overall goal of IA
is to manage, assess, and mitigate risks to the systems that comprise the backbone of our program. To
do this successfully the team must continuously assess security controls, manage access and
authorization, monitor security controls, categorize findings, and implement mitigation strategies.
These tasks must be completed in such as way as to ensure that the overall security posture of the
system remains at a low risk without implementing the functionality of the system and adversely
affecting the mission or an event. At the highest level, the IA staff are tasked with managing Access
Controls, Awareness and Training, Audits and Accountability, Security Assessments and Authorization,
Configuration Management, Contingency Planning, Identification and Authentication, Incident Response,
Maintenance, Media Protection, Physical and Environmental Protection, Planning, Personnel Security,
Risk Assessments, System and Service Acquisition (third party software and hardware), System
Protection, Information Integrity, and Program Management. The team has been successful in
maintaining current as well as obtaining new system accreditations and is held in high regard among
MDA ICVA government leadership. The primary role is to evaluate, audit and record findings in
conjunction with the rules of DoD 8570. Experience with tools like ACAS, Elastic, SPLUNK, SolarWinds is
preferred. A summary of tasks recently completed in order to achieve this can be found below:
- Assessment of Vulnerabilities related to the operating system(s) and third party software.
- Generate and update POA&M’s for the current and newly released vulnerabilities.
- Executes POA&M path forward supportive of the vulnerability mitigation plan.
- Executes a validation controls test for each asset including the IA hardware tools. (e.g. IA laptop)
- Coordinates surveys based upon the DoD8500 guidance such as the Network Defense Service Provider (CNDSP).
- Evaluates program hardware lists for compliance with the MDA approved list or coordinates inclusion on the MDA approved list.
- Evaluates program software (open source and commercially-off-the-shelf (COTS)). Reference MDA Approved and Dis-Approved Lists.
- Generate, updates and collects Risk Management Framework (RMF) documentation for upload onto the eMASS database in support of new and existing accreditations.
- Execute annual site surveys utilizing Assured Compliance Assessment Solution (ACAS) for technical control compliance. Manually conducts physical, environmental and system observations.
- Generates and maintains standard operating procedures including but not limited to ACAS Scan Process, DCTL Image Update Process, ACAS Report Generation Process, User Account Creation Process, System Audit Process, and Sanitization Processes.
- Executes pre-delivery scans of all servers for an SIU-R and SIU-P’s prior to shipping to a site.
- Conduct analysis for captured scans and audit logs for over 600 systems (servers and portables).
- Generates action item/recommendation reports for findings that may be outside regulations (e.g. Proper use of a configuration account) in accordance with secure configuration standards.
- Evaluate current releases of DISA regulated IA vulnerability assessment tools.
- Supports the Hardware Configuration Control Board (HWCCB) as a voting member as required by DOD8500.
- Completes annual required continuing education hours per the DOD8570 including but not limited to updates to the Workforce Improvement Program (WIP) Database to provide certification tracking for all privileged accounts.
- Creates, coordinates, and staffs any waivers for risks or findings that cannot be mitigated without mission impact (e.g. Removable Media Waiver for CTO-M10-010).
- Conducts annual inspections to validate system updates and configuration compliance utilizing technical scans and physical observations at domestic and foreign sites approximately 10% travel.
Qualifications
- CompTIA Security+, CISSP, Linux + required
- Bachelors Degree in Information Technology or Applied Science or equivalent
- Minimum 10 years experience in information systems security, system administration, or similar fields
- Must have active current Secret Security Clearance
Please Note: U.S. Citizenship is required for most MTSI positions.
2024-9490