Senior Principal Cyber Security Engineer

Business Unit:Cubic DefenseCompany Details:When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people's lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.

We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Job Details:

The candidate will join a cross-functional security team responsible for the security posture of commercial software products supporting DoD missions, software development environments for new product development, and maintaining regulatory compliance for business and information systems infrastructure. The role involves working both independently and within a team (with reach-back support available), using sound judgment to guide organizational entities through security frameworks, assessments, remediations, and improvements.

The candidate will collaborate with emerging product development teams, ensuring that security requirements are prioritized equally with functional requirements. Additionally, there will be opportunities to work on secure architectures, security procedures, and tests for newer technologies, including containers, Kubernetes, and service meshes.

Candidates must demonstrate critical thinking and problem-solving skills under limited supervision. They should adhere to engineering standards for developing testable, maintainable, and well-documented security practices in line with Agile development methodologies, tools, and release processes.
 

Essential Job Duties and Responsibilities:

• Identifies, investigates and resolves technical issues.
• Works under general direction within a clear framework of accountability and exercises substantial personal responsibility and autonomy.
• Strong verbal, written communications and interpersonal skills; ability to interact professionally with internal and external customers, and technical and non-technical persons.
• Conduct tool-assisted vulnerability and compliance assessments for production network environments and product deliveries and work with relevant personnel to resolve findings.
• Support program personnel with pre-customer-delivery security activities and artifacts .
• Keep NIST documentation up to date.
• Partner with software engineers to remediate security findings.
• Maintain security assessment environments and tools.
• Support program personnel keeping product relevant security scans/documentation/reports up to date.
• Support/improve development networks continuous monitoring activities.
• This is an on-site position, 9/80 work schedule.
• Will be required to travel to customer site (DISA Ft Meade HQ).

Minimum Job Requirements:

• Four-year degree in a relevant discipline, and/or the combined equivalent of experience and education.
• Candidates must have Secret security clearance.
• Candidates should possess 10 years of professional experience in cybersecurity, software engineering, network engineering, computer science, computer engineering or a related discipline.
• Any DoD 8570 security certifications: CompTIA Security+, EC-Council CEH, (ISC)2 CISSP, SANS GIAC cert, CAP, CND, Cloud+, GSLC, HCISPP, etc.
• Candidate must be able to prioritize work, complete multiple tasks and work within deadlines.
• Candidate must be adept in both verbal and written communication.
• Candidate must be responsible, organized, and leverage logical thought processes and work methods.
• Candidate should have the ability to produce technical writing artifacts describing security assessments, findings and remediation actions.  
• Candidate should possess strong analytical and problem-solving skills.
• Candidate should possess strong interpersonal and team-oriented skills.
• Candidate should be comfortable working in both remote and in-office environments.
• Moderate to Expert understanding of Unix/Linux-based operating systems (RedHat, CentOS, Rocky, Ubuntu, etc.).
• Moderate to Expert understanding of NIST frameworks and security assessments.
• Moderate to Expert demonstrable knowledge of some security tools (ex. ACAS, Grype, Nessus, Nmap, Prisma, Wireshark, OWASP ZAP, etc.).
• Moderate to Expert knowledge of virtualized environments.
• Moderate to Expert experience supporting software development teams and environments.
• Moderate to Expert understanding of Information Assurance and security requirements as it applies to the Department of Defense (IA controls, NIST, STIGs, etc.).

Preferred Qualifications

• Experience with various agile tools such as Jira, and Confluence.
• Experience developing and performing security assessments and/or accreditation packages.
• Moderate to advanced demonstrable knowledge of security tools.
• Experience implementing CIS benchmarks or DoD STIGs..
• Experience with automation and/or containerization technologies.
• Advanced understanding of Information Assurance and security requirements as it applies to the Department of Defense (IA controls, NIST, STIGs, etc.).
• Experience with SAFe / Agile concepts and methods.
• Experience working with database technologies like PostgreSQL and Redis.
• Experience with public cloud systems like Amazon Web Services, MS Azure, Heroku, etc.
• Have a TS clearance with SCI eligibility.

‎ 

Cubic Pay Range:

‎ 

The Cubic pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

‎ 

‎ 

Worker Type:Employee

---