Join Our Stellar Team at Castalia Systems!

Are you ready to skyrocket your career with us? We're on the lookout for ambitious individuals who are eager to make their mark in a diverse and thriving environment.

At Castalia Systems, we're not just another company – we're a certified Woman Owned Small Business (WOSB) and Small Disadvantage Business (SDB) committed to excellence since 2011. Join us in delivering top-tier solutions to the dynamic Defense and Intelligence sector.

As valued members of our team, we prioritize your well-being. Enjoy a comprehensive benefits package, including medical, dental, and vision coverage, 401k matching, generous PTO, paid holidays, professional training opportunities, and even pet insurance to ensure your furry friends are cared for too.

Castalia Systems is seeking a Cyber Security Engineer in the Herndon, VA area.

Castalia Systems is currently seeking a Cyber Security Engineer to join our team on an exciting program with one of our government customers.  We are seeking a strong Cyber Security Engineer (CSE) OR Information security systems engineer (ISSE) to assist in establishing, coordinating, and maintaining our cloud service provider (CSP) cyber security posture and perform risk analysis within cloud security organization.

The organization manages security assessments, security compliance, change management, and continuous monitoring responsibilities across 5 cloud service providers (Amazon Web Services, Google Cloud, Oracle Cloud, Microsoft Azure, and IBM Cloud). The position requires a healthy mix of technical and policy knowledge. Our ideal candidate shall understand and have experience implementing services to intelligence community standards like ICD 503, NIST Risk Management Framework, and cloud technologies.

A qualified candidate will perform the following duties and responsibilities, but are not limited to:

• Lead technical exchange meetings with cloud service provider to review cloud service architecture.
• Evaluate data flow and architecture diagrams of cloud services for compliance with security standards.
• Assist with reviewing, maintaining, and ensuring all Assessment and Authorization (A&A) documentation, including Customer’s security plans, are complete, of high quality, and ready for authorization.
• Assist with developing risk mitigation strategies, solutions, and recommendations through conducting and/or participating in holistic information security testing assessments.
• Perform and provide the risk tradeoff analysis that weighs competing equities of cyber security compliance, cost, and mission needs.
• Assist with developing, documenting, and assessing measures and metrics as they pertain to information security assessments and risk acceptance.
• Provide guidance and recommendations concerning all aspects of the Commercial Cloud Enterprise (C2E) A&A, the functions of sub-processes, and the impact of changes when required.
• Review Plan of Actions and Milestones (POA&Ms) to ensure programs are making progress in mitigation risk to system.

Security Clearance Requirement:

• Active/current TS/SCI with Polygraph is required.

Required Qualifications:

• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.

• Multiple years’ relevant experience (minimum 5 years, 10+ years is strongly desired) in Cyber Security with a passion to learn in a fast-paced environment.

• The ability to analyze systems, including forensically, for malware, misuse, and/or unauthorized activity.

• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other Cyber Security related concerns.

• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring tools and systems.
• Self-starter mentality

• Familiar with Amazon Web Services, Oracle Cloud, Google Cloud, IBM Cloud and Microsoft Azure cloud architecture or willingness to study independently to pick up expertise in one or many cloud vendors.

• Strong communication skills are required to engage with internal stakeholders and external stakeholders across intelligence community.

• Ability to conduct TEMs with cloud service providers on cyber security topics.

• Knowledge and experience of intelligence community security policies; relevant federal and private standards and requirements (e.g., ICD 503, CNSSI 1253, NIST SP 800-53)

• Experience working with a federal information security program and collaborating with Security Control Assessors (SCAs).

• Ability to understand and convey threats and impact of threats related to the results of a security assessment.

• Familiar with continuous monitoring requirements to include scan analysis for critical or high findings with common scan tools (e.g., Rapid 7, Nessus, Qualys).

• Experience with creating, monitoring, and closing system or service Plans Actions and Milestone items (POA&Ms).

• Experience with utilizing compliance tools to track Assessment and Authorization (A&A) activities (e.g. Xacta 360, Risk Vision, RSA Archer).

• Knowledge of common control provider concept within NIST Risk Management Framework (RMF).

Desired Qualifications: 

• Ability to provide technical cyber security guidance.
• Ability to convey technical information to non-technical individuals.

• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies.

• Ability to work in a dynamic and challenging environment.

Castalia Systems is an equal employment opportunity and affirmative action employer and strives to comply with all applicable laws prohibiting discrimination based on race, color, creed, sex, sexual orientation, age, national origin, or ancestry, physical or mental disability, veteran status, marital status, HIV-positive status, as well as any other category protected by federal, state, or local laws. All such discrimination is unlawful, and all persons involved in the operations of the company are prohibited from engaging in this type of conduct.