Senior Cybersecurity / IT Systems Engineer

Company: Technovative ApplicationsRedBalloon posts jobs on behalf of client companiesJob SummaryPosition SummaryThe Senior Cybersecurity / IT Systems Engineer is responsible for designing, implementing, and maintaining secure IT environments supporting both Classified and Controlled Unclassified Information (CUI) systems.This role ensures full compliance with DoD cybersecurity requirements, including CMMC, NIST standards, and RMF, across networked, standalone, and air-gapped environments.This position owns end-to-end security posture, including system hardening, identity management, network security, and audit readiness.ResponsibilitiesCMMC & DoD ComplianceImplement and maintain controls aligned with Cybersecurity Maturity Model Certification (Level 2/3)Ensure compliance with NIST SP 800-171 (CUI) and NIST SP 800-53 (Classified systems via RMF)Support Risk Management Framework processes including system categorization, control selection, implementation, assessment, and ATO lifecycleDevelop and maintain SSPs, POA&Ms, and audit artifactsPrepare systems for C3PAO assessments and government accreditationClassified & CUI Environment SecurityDesign, implement, and maintain environments handling:Controlled Unclassified Information (CUI)Classified data (Secret and above)Enforce strict separation between classified, CUI, and unclassified networksImplement cross-domain and data transfer controls per DoD policyEnsure compliance with data handling, marking, storage, and transmission requirementsSupport SCIF operations and accreditation requirementsSystem Hardening & Secure ArchitectureApply and enforce DISA STIGs across all systemsDesign and secure:Standalone and air-gapped systemsClassified enclaves and secure processing environmentsHybrid cloud (GovCloud / Azure Government where authorized)Implement Zero Trust architecture and least privilege principlesOperating Systems (Windows & Linux)Administer and harden Microsoft Windows Server (2016/2019/2022)Manage Active Directory:Group Policy (GPO) enforcementPrivileged access control and auditingAdminister and secure Red Hat Enterprise Linux (RHEL 7/8/9)Implement:Patch management (WSUS, SCCM, yum/dnf)System auditing and logging (Event Logs, auditd)Secure authentication mechanismsIdentity & Access ManagementImplement Multi-Factor Authentication (MFA) across enterprise systemsEnforce identity governance, least privilege, and account lifecycle managementSupport CAC/PIV authentication and enterprise identity integrationNetwork SecurityArchitect secure network environments:VLAN segmentation and boundary protectionFirewalls, VPNs, IDS/IPSMonitor network activity and respond to security eventsEnforce secure data flows across classification boundariesEndpoint & Server SecurityDeploy endpoint protection and EDR solutionsConduct vulnerability scanning (ACAS/Nessus) and remediate findingsImplement file integrity monitoring and configuration controlMaintain secure configurations across all systemsAir-Gapped & High-Security SystemsDesign and operate air-gapped systems for classified and sensitive workloadsImplement controlled data transfer solutions:Media scanning and sanitizationManual review processesOne-way transfer mechanisms (data diodes where applicable)Maintain compliance without reliance on external connectivityRisk Management & Incident ResponseConduct risk assessments and continuous monitoringSupport incident detection, response, and forensic analysisMaintain system readiness for ATO and re-accreditationDocumentation & Audit SupportMaintain complete audit-ready documentation and evidence repositoriesProvide artifacts for CMMC and RMF auditsInterface with auditors, security teams, and government stakeholders