Lead Cybersecurity Engineer

at Serco
Published September 15, 2023
Location Washington, DC
Category Default  
Job Type Full-time  


Position Description

If you seek a rewarding, high profile and challenging position supporting projects for the US Navy- Serco has a great opportunity for you! The Lead Cybersecurity Engineer will be on a dynamic team, supporting Team Submarine. Bring your expertise and collaborative skills to make an impact towards our military defense and safety of our sailors.

Serco-NA is actively seeking a cleared, Secret, Lead Cybersecurity Engineer, Fully Qualified Navy Validator III to support a major acquisition command building Navy ships located at the Navy Yard in Washington DC.

Team Submarine's Submarine Program Offices are responsible for the acquisition of the nuclear submarines, PMS397 the COLUMBIA Class, PMS450 the VIRGINIA Class, and for SSN(X), the future fast attack submarines. Team Submarine offices are also responsible for identifying, assembling, managing, directing, and coordinating the resources required for the R&D, design, construction, Test and Evaluation (T&E) and Live Fire Test and Evaluation (LFT&E) of the submarines. These programs are major defense acquisition programs and is of significant political importance with Congress and the Office of the Secretary of Defense (OSD).

Serco supports the US Navy as a prime for their Team Submarine contract supporting the acquisition of submarines. The Team Submarine concept unifies once diverse submarine-related activities into a single submarine-centric organization with the goal of eliminating traditional stovepipe structures and processes that created impediments and inefficiencies in the submarine research, development, acquisition, and maintenance communities. Team Submarine provides improved communication among the various offices that contribute to the overall success of the United States Submarine Force.

Serco-NA has an opening for a Lead Cybersecurity Engineer to support the U.S. Navy in the Washington, DC area. Submarine experience is a plus. In this position, you must have strong leadership and problem-solving skills to assist with the daily operation of the Program Office. You will continually work with team members on all levels, so strongly developed written and verbal communication skills are crucial. You should have knowledge on how the Program Office functions, so it is best if you have experience working in the submarine community.

In this role, you will:

  • Perform activities required within the DoD Instruction 8510.01 DoD Risk Management Framework (RMF) (formerly the DoD Information Assurance Certification and Accreditation Process (DIACAP)) to obtain Authorization to Operate (ATO) with Conditions or ATO prior to fielding of all TEAM SUB Enterprise Business Mission Area (BMA), DoD Portion of Intelligence Mission Area (DIMA), Enterprise Information Environment Mission Area (EIEMA), and Warfighting Mission Area (WMA) ashore and afloat systems. Develop RMF accreditation packages using current DoD Instruction 8510.01 accreditation methods, to include the System Authorization Boundary, Hardware/Software/Firmware list, Dataflow Diagram, Security Plan, Plan of Action and Milestones (POA&M), System Categorization, Enterprise Reporting RMF Scorecard, System Level Continuous Monitoring (SLCM) Strategy, Risk Assessment Report (RAR), Security Assessment Plan (SAP), and Security Assessment Report (SAR).

  • Identify security controls to be implemented, work with system owners to implement and test controls, prepare required artifacts, and complete actions required in the RMF in the timeframe in which they are required.

  • Provide subject matter expertise regarding the development of RMF packages and the RMF process for a portfolio of approximately two hundred systems. In this capacity, serve as a resource in both package development and in navigating the RMF process for the Team SUB enterprise.

  • Serve as Navy Risk Management Framework (RMF) Validator.

  • Independently validate cybersecurity artifacts developed by TEAM SUB Enterprise system owners (approximately two hundred systems) as part of the Risk Management Framework Accreditation and Authorization process that are uploaded to DoN Enterprise Mission Assurance Support Service (eMASS).

  • Organize and assist with the updating and coordination of records in the TEAM SUB Enterprise Cybersecurity portfolio of all Business Mission Area (BMA), DoD Portion of Intelligence Mission Area (DIMA), Enterprise Information Environment Mission Area (EIEMA), and Warfighting Mission Area (WMA) ashore and afloat systems.

  • Validate that all DON-specified cybersecurity- specific information systems, including Enterprise Mission Assurance Support Service (eMASS), Procurement Business Intelligence Service (PBIS), DoD IT Portfolio Repository (DITPR)-DON, Vulnerability Remediation Asset Manager (VRAM), the DON Application and Database Management System (DADMS), and the Enterprise Reporting Service (ERS) Cybersecurity Scorecard on Secret Internet Protocol Router (SIPR) network, are continuously accurate and reflect the cybersecurity posture of TEAM SUB and its assigned field activities, including NUWC and SUBMEPP and provide status to TEAM SUB staff.

  • Respond to data calls from DoD, DON, and NAVSEA organizations.

  • Review all system DITPR-DON and DADMS records assigned to the TEAM SUB Enterprise to validate that these systems are current and compliant with Federal Information Security Management Act (FISMA) applicable cybersecurity regulations, as evidenced by the FISMA Scorecard remaining in the compliant (Green) status for a combined portfolio of approximately two hundred systems.

  • Participate in the TEAM SUB Enterprise/DON's annual cybersecurity review of all TEAM SUB BMA, DIMA, EIEMA, and WMA Systems. This participation shall include liaison with DON and NETWARCOM personnel to review methodology, validate that TEAM SUB systems are compliant, accurate, and ready for inspection, coordinate reviews, and coach cognizant programmatic and technical personnel to help TEAM SUB personnel ensure that applicable DoD regulations identified by DoDI 8500.01 and DoDI 5000.02 are followed, and that TEAM SUB systems (approximately 200 systems) meet FISMA reporting and privacy requirements.

  • Assist in the investigation of inadvertent electronic spillages of classified information, and draft and submit reports to the ASM concerning the spillage and the impact.

  • Assist with the coordination of investigations with NAVSEA, Naval Criminal Investigative Service, Defense Security Service, and other authorities.

  • Initiate and coordinate remediation actions, and track to closure.

  • Educate personnel via training, Team Talks, e-mail reminders, or through the use of online training to prevent future spillages and recommend policy or procedural changes when needed.

  • Provide direct expertise and assistance to ensure that cybersecurity is fully integrated into the system lifecycles of all TEAM SUB acquisition and life-cycle maintenance platform programs in accordance with DoDI 8500.01 and DoDI 5000.02.

  • Good communications skills and excellent word processing, database, spreadsheet programs, Microsoft applications.


To be successful in this role, you will have:

  • A current or active DoD Secret security clearance.

  • A Bachelor's degree in computer science, management information systems, or related fields or equivalent experience.

  • Eight or more years' experience with RDT&E and Business IT systems and the phases of Certification and Accreditation (C&A) process.

  • Qualification as a Level III Navy Qualified Validator (NQV) as defined by DoD Instruction 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT).

  • Experience working with Navy C&A efforts as a Navy Validator. Demonstrated oral and written communication skills to work closely with all levels of personnel involved in IT operations and technical aspects of systems.

  • The ability to trave at least 10% of the time.

Additional desired experience and skills

  • Ten or more years of experience in an Information Assurance (IA) or C&A related field. Familiarity with and understanding of Navy IT sites, systems, and infrastructure.

If you are ready to take the next step of your career path, apply today!

Company Overview

Serco Inc. (Serco) is the Americas division of Serco Group, plc. In North America, Serco's 9,000+ employees strive to make an impact every day across 100+ sites in the areas of Defense, Citizen Services, and Transportation. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state, provincial and local governments, and commercial clients. While your place may look a little different depending on your role, we know you will find yours here. Wherever you work and whatever you do, we invite you to discover your place in our world. Serco is a place you can count on and where you can make an impact because every contribution matters.

To review Serco benefits please visit: www.serco.com/na/careers/benefits-of-choosing-serco .If you require an accommodation with the application process please email: [Click Here to Email Your Resumé] or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.

Candidates may be asked to present proof of identify during the selection process. If requested, this will require presentation of a government-issued I.D. (with photo) with name and address that match the information entered on the application. Serco will not take possession of or retain/store the information provided as proof of identity. For more information on how Serco uses your information, please see ourApplicant Privacy Policy and Notice (https://www.serco.com/na/privacy-policy) .

Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email [Click Here to Email Your Resumé] .

Serco is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

Click here to apply now (https://careers-sercous.icims.com/jobs/60018/lead-cybersecurity-engineer/job?mode=apply&apply=yes&in_iframe=1&hashed=-1834477830)

New to Serco?

Join our Talent Community! (https://talent.serco-na.com/talentcommunity/signup)

ID 60018

Recruiting Location : Location US-DC-Washington

Category Engineering

Position Type Full-Time

Security Clearance Secret

Telework No - Teleworking not available for this position

Campaign LPMETS