Engility delivers innovative solutions to critical challenges facing the nation and the world. As a premier provider of integrated services for the U.S. government, we support the Department of Defense, intelligence community, space communities, federal civilian agencies and international customers. Engility is dedicated to making lives better, safer and more secure.
Performs cybersecurity test and evaluation (T&E) of Information Technology/National Security Systems (IT/NSS) to assess system capabilities that support the protection of system data, detection of unauthorized system activities, reaction to system compromises, restoration of system capabilities, and continuous monitoring for system threats. Conducts cybersecurity T&E throughout the full system acquisition lifecycle, supporting both Defense Cyber Operations (DCO) and DoD mission systems. A cybersecurity T&E analyst follows and applies common T&E practices and DoD cybersecurity/information security directives and instructions during the following processes: identify requirements, verify user needs, develop evaluation approach, collect data, analyze data, and report on findings. Reviews, analyzes, and IT systems information security operations. Reviews and analyzes blueprints, schematics, and technical drawings, diagrams, and specifications. Must be able to review, analyze, and interpret customer information. Solicits system requirements and associated operational environments to produce an evaluation approach that supports T&E objectives. Shares and briefs cybersecurity T&E project milestones to all levels of stakeholders. Conducts and may oversee cybersecurity testing of processes and products. Responsible for the design and implementation of test procedures to determine if standards and criteria are met. Recommends adjustments to the cybersecurity processes or detailed procedures if appropriate. Responsible for all activities involving quality assurance and compliance with applicable regulatory requirements; conducts audits and reviews/analyzes data and documentation. Relies on manual methods and automated test tools to execute the cybersecurity assessment and collect data. Inspects, tests, and measures data that is produced or consumed. Must be able to document, notify, brief, and discuss results. Records all initial findings and documents final test results in a designated formal cybersecurity report. Accounts for anomalies and errors found in testing, notifies customers and management, and may help analyze and/or correct problems.
Demonstrates expertise in a variety of cybersecurity concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals. Performs a variety of complex tasks. A wide degree of creativity and latitude is expected. Leads and directs the work of others. Typically reports to top management or executive. May provide consultation on complex projects and be a top level contributor/specialist. Must be expert at problem solving, identifying risk, and communicating results and recommendations.
Requires a Bachelor’s degree in a directly related curriculum from an accredited and at least eight years of experience in a directly related field, or a Master’s degree in a directly related curriculum from an accredited institution and at least 5 years of experience in a directly related field. One year of experience can be substituted by 15 semester hours completed towards a Master’s degree in a directly related curriculum. Two years of experience can be substituted by completion of a Master’s degree in a directly related field. Additional certifications in the area of specialization may be substituted for 1 year of experience.
Acceptable degree specialties include but are not limited to the following: Information Technology, Mathematics, Computer Networking, Cybersecurity, and various engineering and science disciplines.
On-the-job experience must be in specific cybersecurity fields and/or testing areas. This work requires understanding of Department of Defense cybersecurity/information security directives and instructions.
Analysts must possess experience with DoD’s defense in depth architecture; the capabilities associated with the DoD architecture; and Information Assurance (IA) / Computer Network Defense (CND) Policies and Procedures. This labor category requires specific training for the Information Assurance Technical (IAT), Information Assurance Management (IAM), CND Analyst, CND Auditor, and IA Systems Architects and Engineers (IASAEs).
Examples of relevant Government or industry training include, but are not limited to, Defense Acquisition University Test and Evaluation Level 1/2/3 certification and United States Federal or DoD school training and certification on a specific system, network, or technology.