Cyber Security Engineer / NIST Specialist

Job Location: Parsippany, New Jersey, United States
Posted Date: 7/17/2025 4:01 PM
Requisition ID: 2025-14035
# of Openings: 1
Category: Technology & Information
Company: American Roll-On Roll-Off Carrier Group

Overview

American Roll-on Roll-off Carrier is seeking an experienced (5+ Years) Cyber Security Engineer with strong hands-on implementation experience with NIST 800-171 / CMMC Level-2, NIST 800-53 and/or NIST CSF controls.

Job Description

 

In this role, you will:

  • Develop and maintain NIST 800-171 / CMMC Level 2 POA&Ms, system security plans (SSPs), detailed policy & procedure documentation, and supporting evidence/artifacts.
  • Be responsible for executing the implementation of (and the continuous review, update, and verification of) the Company’s IT-related security and compliance requirements and initiatives.
  • Collaborate with both internal resources and external consultants and auditors to facilitate compliance reviews, assessments, and gap analyses.
  • Prepare for and facilitate CMMC assessments, including self-assessments and third-party audits by Certified Third-Party Assessor Organizations (C3PAO).
  • Assist internal teams in understanding CMMC requirements and their impact on organizational processes, technology, and security.
  • Develop and deliver cyber-related training programs for employees/stakeholders.
  • Stay current on CMMC program changes and evolving cybersecurity standards from NIST and other relevant bodies.
  • Gain a thorough understanding of all of the Company’s technology, and the business and operational processes it facilitates, sufficient to evaluate controls and identify risk and compliance concerns.
  • Develop and verify IT-related remediation and contingency plans.
  • Continuously develop and review cybersecurity advisories, logs, training, and reports to assure security.
  • Design/identify, implement, and maintain automated solutions to facilitate proactive notifications of security-related issues/incidents, including unauthorized or inappropriate configuration changes.
  • Be a reliable, responsible, and accountable self-starter, able to prioritize tasks and work independently.

 

 

Job Requirements

Required skills/experience:

  • Minimum of 5 years of experience in a Corporate IT environment, in a hands-on role dedicated to information security compliance, systems security, IT risk management, IT audit, or similar/related.
  • Demonstrated hands-on experience with NIST 800-171 and ISO-27001 controls.
  • Hybrid position but must be within commuting distance to Northern NJ for regular meetings. Occasional travel.
  • Experience independently evaluating controls that are applied to technology-driven processes.
  • Experience authoring and maintaining detailed documentation that defines policies, procedures, and execution plans, and as proof/support of compliance.
  • Strong knowledge of enterprise Information Security pillars (Perimeter security, Identity Management and Governance, Privileged Account Management, Compliance, Penetration testing, Encryption, Cloud Security, Incident Response, Vulnerability Management).
  • Familiarity with a variety of technologies, operating systems, databases, and reporting and data analytics tools.
  • Ability to effectively communicate security-related concepts to a broad range of technical and non-technical professionals.
  • Excellent project, time management and organizational skills.
  • Eligibility for security clearance.
  • Bachelor’s degree in computer science, cyber/information security, or similar.

A plus if you have any of these:

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), GIAC (multiple certifications), or other similar certification(s) related to cyber and information security.
  • Demonstrated experience with NIST 800-53, NIST CSF, SANS / CIS Top 20, FedRAMP, FISMA and GDPR.
  • Experience with scripting tools such as PowerShell, Python (or others).
  • Experience with vulnerability management and understanding of common vulnerability types and remediation practices.
  • Experience in container solutions (Docker preferred).

 

Target Salary to $135k (DOE)

 

About ARC

ARC provides global logistics and shipping services to the U.S. Government. ARC and its affiliates own and manage the largest U.S. flag roll-on roll-off (Ro-Ro) fleet. This includes providing American-owned, managed, and crewed RoRo shipping and intermodal services committed to the requirements of the Department of Defense, other U.S. Government departments and agencies, and commercial customers.

 

 


 

Pay Type

Salary
