Cyber Security Engineer

Cyber Security Engineer

Mid Level | $80,000 - $98,000 | Newport News, VA | Active Secret Clearance Required

Safeguard the systems that defend the nation—design, implement, and secure cutting-edge defense networks and applications supporting mission-critical operations.

A Day in the Life – What You’ll Do

• Design and implement secure system architectures, security controls, and defense-in-depth strategies.
• Conduct vulnerability assessments, RMF compliance checks, and security audits to identify and mitigate risks.
• Develop, refine, and enforce security policies, procedures, and risk mitigation frameworks.
• Perform code analysis and evaluate Java source code to identify vulnerabilities and recommend remediation.
• Monitor networks and systems for threats, anomalies, and potential breaches using ACAS and other DoD-approved tools.
• Lead incident response and conduct forensic analysis for security events.
• Apply and validate Security Technical Implementation Guides (STIGs) and implement configuration management controls.
• Collaborate with IT, software development, and systems engineering teams to integrate security throughout the software development lifecycle.
• Prepare detailed reports, documentation, and briefings to communicate technical findings to both technical and non-technical stakeholders.
• Provide mentorship and guidance to junior cybersecurity staff and participate in leadership-driven security initiatives.

Required Qualifications

• U.S. Citizenship
• Active Secret clearance
• Must work on-site full time in Newport News, VA (80–90% work performed in a secure lab)
• 2+ years with a Bachelor’s degree in Computer Science, Information Security, or related discipline
• CompTIA Security+ certification (DoD 8570 IAT Level II compliant)
• Strong technical expertise in cybersecurity principles, system design, and secure implementation
• Proficiency in Java code analysis for vulnerability identification and remediation
• Hands-on experience with Fortify and Software Security Center (SSC)
• Thorough understanding of:
• Risk Management Framework (RMF) controls and documentation
• ACAS scanning, configuration, and reporting
• Security Technical Implementation Guides (STIGs) and compliance enforcement

• Familiarity with industry-standard frameworks (NIST, ISO 27001) and incident response tools
• Strong analytical, documentation, and communication skills across technical and non-technical audiences

  Preferred Qualifications

• Master’s degree in Cybersecurity, Information Assurance, or related discipline
• Advanced certifications such as CISSP, CISM, CEH, or OSCP
• Experience with cloud security, virtualized infrastructure, or zero-trust architectures
• Background in policy development, project leadership, or managing cybersecurity teams
• Familiarity with automated vulnerability scanning, advanced threat detection, and SIEM tools
• Awareness of emerging cybersecurity technologies and trends in the defense sector

Who is Caribou Thunder?

Building Tomorrow, Grounded in Legacy
Caribou Thunder is a Woman, Native American, Minority Owned, WOSB, SDB, SBA, and HUBZone Certified small business. For decades, we’ve been at the forefront of delivering engineering excellence to national security programs. Trusted by the DoD, we develop and support mission-critical systems that protect our nation. At Caribou Thunder, we fuse tradition and innovation—with a deep sense of purpose rooted in integrity and service.

Why Caribou Thunder?