Serco Inc.

Advanced Cyber Security Engineer

Recruiting Location : Location
Information Security/Cyber
Position Type
Security Clearance
Yes - May Consider Occasional/Part Time Teleworking for this position

Position Description

Advanced Cyber Security Engineer


If you love high profile and challenging programing projects supporting the US Navy- Serco has a great opportunity for you!  This Advanced Cyber Security Engineer will be on a dynamic team supporting a major acquisition command building Navy ships at the Washington Navy Yard.   Bring your expertise and collaborative skills to make an impact towards our military defense and safety of our sailors.


You will be part of a team that works closely with the customer and other Serco teams to deliver quality systems.   You will:

  • Provide information system software analysis, software requirements analysis and definition support, design, development, test, modification, installation, implementation, quality assurance, training, and documentation to meet the evolving data storage and reporting needs of programs and management.
  • Ensure all Contractor personnel performing cybersecurity functions possess and sustain the certifications and credentials required of the Information Assurance Workforce (IAWF)/Cybersecurity Workforce (CSWF), in accordance with NAVSEA Instruction 5239.7, DFARS, DoD8570.01-M and SECNAV M-5239.2, and DoD 8570.01-M, prior to accessing DoD information systems.
  • Analyze existing IT and IS databases, web sites, and IT applications and recommend new or improved interfaces and improved management tools that meet new management requirements or improve management effectiveness and efficiency.


  • Perform maintenance and technical support for Local Area Networks (LAN) and Wide Area Networks (WAN) that are outside the cognizance of the Navy Marine Corps Intranet (NMCI).


  • Modify, implement, and maintain web-based information systems and links.


  • Develop web-site structure, prepare documentation for population, and implement and maintain web sites.


  • Provide systems engineering and technical support for establishment, test, upgrade, and operational support of systems, networks, workstations and support equipment hardware and software that are outside the cognizance of NMCI.


  • Conduct Cybersecurity analyses using data provided as GFI, develop, recommend, and implement, monitor, update, and maintain Cybersecurity practices, procedures, equipment, algorithms, and hardware that are outside the cognizance of NMCI.


  • Perform periodic review of systems to ensure Cybersecurity is fully integrated into all phases of acquisition, upgrade, or modification programs, including initial design, development, testing, fielding, operation, sustainment, and disposal.


  • Ensure adequate security measures are incorporated into the system designs to satisfy Cybersecurity requirements.


  • Serve as Navy Risk Management Framework (RMF) Validator responsible for performing a compliance review and analysis of cybersecurity requirements; hereafter referred to as Navy Qualified Validators (NQVs) as defined by the NAVWAR Qualification Standard, Responsibilities, and registration Process for Navy Qualified Validators (NQV) of 4 March 2016 and SECNAVINST 5239.20A, Navy Information Assurance (IA) Program. 


  • Upon completion of the compliance review send the results to the PEO that will then submit the results to the Navy Authorizing Official (NAO) or Functional Authorizing Official (FAO), per applicable Navy RMF processes, for consideration in approving compliance.  In this capacity, independently validate cybersecurity artifacts developed by system owners for the systems identified including Systems Requiring Validation, and other systems under the cognizance of the Program Offices included in this solicitation as part of the RMF Accreditation and Authorization process that are uploaded to DoN Enterprise Mission Assurance Support Service (eMASS).


  • Develop RMF accreditation packages using current DoD Instruction 8510.01 accreditation methods, to include the System Authorization Boundary, Hardware/Software/Firmware list, Dataflow Diagram, Security Plan, Plan of Action and Milestones (POA&M), System Categorization, Enterprise Reporting RMF Scorecard, System Level Continuous Monitoring (SLCM) Strategy, Risk Assessment Report (RAR), Security Assessment Plan (SAP), and Security Assessment Report (SAR).


  • Identify security controls to be implemented to ensure compliance with applicable security standards, work with system owners to implement and test controls, prepare required artifacts, and complete actions required in the RMF in the timeframe in which they are required for systems under the cognizance of the Program Offices.


  • Provide Cybersecurity governance and policy support for Cybersecurity strategies aligned with business goals and objectives; develop Cybersecurity governance frameworks to support the Cybersecurity strategies; integrate Cybersecurity governance into enterprise governance, assist in developing Cybersecurity policies that guide the development of standards, procedures and guidelines; assist in developing business case analyses that justify the investment in Cybersecurity; and assist in identifying methods to select, implement and interpret metrics and key indicators.


  • Provide Systems Security Engineering and technical support in the development of trustworthy, Cyber Resilient systems with engineering-based solutions that manage the growing complexity, dynamicity and interconnections of today’s systems as exemplified by cyber-physical systems, control systems and systems of systems.  This approach shall address the engineering driven perspective and actions necessary to develop more resilient, defensible, and survivable systems, inclusive of the machine, physical and human components that compose the system.


  • Provide Assessment and Authorization (A&A) support services on all aspects of the DoD Risk Management Framework (RMF), process and support the management and execution of Cybersecurity Afloat A&A activities.


  • Perform a compliance review and analysis of cybersecurity requirements for afloat Control Systems/PIT. Support for the evaluation, assessment, incident response and statistical analysis/record keeping of Defense Industrial Base (DIB) Cleared Defense Contractors (CDC) compliance with DFARS 252.204-7012 and NIST Special Publication 800-171 R1, Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations. 


  • Analyze, develop, review, evaluate and provide recommendations for methods to obtain Information Assurance accreditation. In support of IA related efforts, you will:


  • Support data protection and segregation of data at different security classifications, assist and work to integrate CYBERSAFE methodologies onto current platforms and requirements (specifically SSBN, Columbia and VIRGINIA) and support providing direction following Vulnerability Assessment for platform specific IA requirements.


  • Monitor accreditation for Platform Information Technology (PIT) and Cross Domain Solutions, policy, process, and documentation work to continue process improvement and accelerate CYBERSAFE Tactics, Techniques, and Procedures (TTP) development.


  • Execute vulnerability assessments and correct deficiencies, manage technology, Cybersecurity Solutions and prioritize future development, aid with developing and continuing implementation of IA Technical Authority (TA) standards.


  • Monitor Accreditation efforts for TI18, TI20 and planning for out-years, assist the program office with communicating IA issues as early as practical as to reduce impact on modernization or operations and formulating and executing a NAVSEA Cybersecurity Domain Plan.


  • Provide direct expertise and assistance, as requested, to ensure that cybersecurity is fully integrated in accordance with DoDI 8500.01 and DoDI 5000.02.




To be successful in this role, you will have:


  • A current or active DoD Secret Security clearance.


  • A Bachelor's level degree in Computer Science or in a technical or managerial related field.


  • Eight or more years of experience with RDT&E and Business IT systems and the phases of Certification and Accreditation (C&A) process.


  • Qualification as a Level III Navy Qualified Validator (NQV) as defined by DoD Instruction 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT).


Additional desired experience and skills:

  • Ten or more years of experience in an Information Assurance (IA) or C&A related field.  Familiarity with and understanding of Navy IT sites, systems, and infrastructure. 


  • Experience working with Navy C&A efforts as a Navy Validator. Demonstrated oral and written communication skills to work closely with all levels of personnel involved in IT operations and technical aspects of systems.


If you are interested in supporting and working with our military and sailors and a passionate Serco team- then submit your application now for immediate consideration.  It only takes a few minutes and could change your career!


Company Overview

Serco Inc. (Serco) is the Americas division of Serco Group, plc. Serco serves every branch of the U.S. military, numerous U.S. Federal civilian agencies, the Intelligence Community, the Canadian government, state and local governments, and commercial clients. We help our clients deliver vital services more efficiently while increasing the satisfaction of their end customers. Headquartered in Herndon, Virginia, Serco Americas has over 9,000 employees and is part of a $4 billion global business that helps transform government and public services around the world. At Serco, our employees are our most valuable asset - we listen, respect and support them throughout their career at Serco. We invite you to become part of our dynamic team. Serco is an equal opportunity employer committed to diversifying our workforce (Race/ Color/ Sex/ Sexual Orientation/ Gender Identity/ Religion/ National Origin/ Disability/ Vets).


To review Serco benefits please visit:


If you require an accommodation with the application process please email: or call the HR Service Desk at 800-628-6458, option 1. Please note, due to EEOC/OFCCP compliance, Serco is unable to accept resumes by email.


Serco does not accept unsolicited resumes through or from search firms or staffing agencies without being a contracted approved vendor. All unsolicited resumes will be considered the property of Serco and will not be obligated to pay a placement or contract fee. If you are interested in becoming an approved vendor at Serco, please email


COVID-19 Regulations: Serco complies with all applicable COVID-19 requirements. This may require employees to be vaccinated against COVID-19, provide attestations regarding vaccination status and/or COVID-19 testing, or satisfy other conditions of employment that Serco deems appropriate, and employees may be required to show proof of vaccination and/or negative COVID-19 test results as a condition of employment (except in limited circumstances where an employee is legally entitled to an accommodation).


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

New to Serco?