About this role
At Credence, we support our clients’ mission-critical needs, powered by technology. We provide cutting-edge solutions, including AI/ML, enterprise modernization, and advanced intelligence capabilities, to the largest defense and health federal organizations. Through partnership and trust, we increase mission success for war-fighters and secure our nation for a better future.
We are privately held, are repeatedly recognized as a top place to work, and have been on the Inc. 5000 Fastest Growing Private Companies list for the last 12 years. We practice servant leadership and believe that by focusing on the success of our clients, team members, and partners, we all achieve greater success.
We are seeking a mid-level Cybersecurity Engineer to join Credences' Technology Foundation Services Team. The Cybersecurity Engineer supports enterprise cybersecurity operations with an emphasis on Risk Management Framework (RMF) implementation, continuous monitoring, and compliance support for DoD information systems. This role provides cybersecurity engineering support to authorization and audit activities while coordinating closely with technical engineering teams responsible for remediation and system maintenance.
The role emphasizes RMF sustainment and assessment support, with a primary focus on cybersecurity compliance activities. The successful candidate will support assessment preparation, security documentation, POA&M development and tracking, and compliance reporting across on-premises and cloud environments.
Requirements
A secret security clearance is requiredDoD 8570 / 8140 IAT Level II is requiredMinimum 5 years of cybersecurity experience, with demonstrated involvement in RMF, compliance, or system authorization support.Experience supporting RMF documentation, assessments, and continuous monitoring activitiesFamiliarity with NIST SP 800-53, RMF, STIGs, and DoD cybersecurity policiesExperience with vulnerability management processes and POA&M development.Cybersecurity Engineering & RMF Support
Support RMF lifecycle activities, including control implementation support, assessment preparation, authorization sustainment, and continuous monitoringDevelop, update, and maintain RMF artifacts in eMASS, including SSPs, POA&Ms, assessment evidence, and supporting documentationSupport Security Test and Evaluation (ST&E) activities and validation of security control implementationAssist with preparation for cybersecurity inspections, audits, CCRIs, CVAs, and other compliance reviewsVulnerability & Compliance Coordination
Review vulnerability scan results, STIG findings, and audit outputs to support risk-based remediation planningDevelop and track POA&Ms associated with vulnerabilities and compliance findingsCoordinate with engineering and operations teams to ensure remediation actions are documented, validated, and reportedProvide compliance status updates, metrics, and briefing materials as requiredSecurity Documentation & Reporting
Develop and maintain cybersecurity documentation, including procedures, plans, technical narratives, and compliance artifactsSupport change management activities by providing security impact input and documentation updatesAssist with preparation of leadership reports, dashboards, and compliance briefingsTechnical Collaboration
Provide cybersecurity engineering input to system design, architecture, and configuration discussionsCollaborate with patching, endpoint, and infrastructure teams while remaining focused on governance, documentation, and complianceSupport enterprise cybersecurity initiatives, including Zero Trust and cloud security, from an engineering and compliance perspective