Cloud Cybersecurity Engineer Job Listing at SAIC in Alexandria, VA (Job ID 2600419)

Description

Description

SAIC is seeking an experienced Cloud Cybersecurity Engineer with expertise in IL4, IL5, and IL6 cloud environments, Authority to Operate (ATO) processes, and hands-on cybersecurity practices. 

This position will sit in Arlington, Virginia. 

The ideal candidate will have practical experience in security compliance, scanning and remediation (e.g., STIG, SAST, DAST), and the use of automation to enhance security operations. This role also requires advanced capabilities in vulnerability management, incident response, reporting, and control assessments.

Candidates must be willing to work on-site in Alexandria, VA, at least three times a week.

Job Responsibilities:

• Perform tasks required to obtain and maintain ATO certifications for systems operating in IL4, IL5, and IL6 cloud environments.
• Develop and maintain System Security Packages (SSPs), including conducting Control Assessments and compliance reviews.
• Evaluate and remediate findings related to cyber frameworks, such as FISMA, NIST 800-53.
• Assist with POA&M development and ensure that all remediation efforts are completed to meet timelines.

• Conduct and support STIG hardening, compliance verification, and implementation.
• Perform SAST (Static Application Security Testing) using tools such as SonarQube and ensure timely remediation of code vulnerabilities.
• Conduct DAST (Dynamic Application Security Testing) using tools like Burp Suite, addressing identified vulnerabilities.
• Oversee routine vulnerability scanning, using tools such as ACAS, and ensure all findings are remediated per organizational SLAs.

• Design and deploy cybersecurity automation solutions to streamline processes such as vulnerability management, compliance, and monitoring.
• Lead the implementation of automated dashboards and metrics tools that provide continuous visibility into security posture.
• Partner with cross-functional teams to ensure tools and platforms are properly configured for secure automation workflows.

• Manage enterprise-wide vulnerability management processes, including routine scans, prioritized remediation, and reporting.
• Respond to and manage cybersecurity incidents, implementing response procedures to mitigate and resolve issues in a timely manner.
• Act as the primary point of contact for incident tracking, forensics, and reporting to leadership and stakeholders.

• Generate detailed reports and actionable insights on vulnerability management, scanning results (code and infrastructure), POA&M statuses, and system readiness metrics.
• Maintain and present dashboards that communicate key cybersecurity metrics to technical teams and executive stakeholders.

Qualifications

Required Education

• Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; PhD and zero (0) years related experience; four (4) years of experience considered in lieu of degree. 

Qualifications;

• Proven hands-on experience working with IL4, IL5, and IL6 environments and securing cloud environments (e.g., Azure, AWS).
• Strong technical expertise in STIG implementation, SAST/DAST scanning and remediation, and vulnerability scans for both code and operating systems.
• Demonstrated success in obtaining and maintaining ATO within government frameworks.
• Prior experience in incident response and vulnerability lifecycle management.

Clearance:

• Candidate must have an active Secret clearance. 

Certifications:

• Relevant cybersecurity certifications such as CISSP, CAP, CEH, or equivalent are preferred.