Jan 14, 2020

Job ID 2019-3576 Risk Management Engineer

  • OBXtek Inc
  • Tysons, VA, USA
Full-Time Defense Engineering Finance Government Legal Program Management

Job Description

Overview

OBXtek Inc. is an established, award-winning, service-disabled veteran-owned business providing information technology and professional management services to the federal government. Our corporate growth has coincided with our investment in our employees as well as in outreach to our civilian and military community.

Responsibilities

OBXtek supports the State Department Bureau of Consular Affairs ISSO. The Bureau of Consular Affairs (CA) has three main areas: American Citizens, Passports, and VISAs. Each area develops applications, which require certification and accreditation.

OBXtek is looking for a candidate to perform the Risk Management Engineer (RME) functions as an information system security testing subject matter expert (SME) by providing expertise in developing and implementing security testing for multiple Consular Affairs/Consular Systems and Technology (CA/CST) systems during the Annual Control Assessments (ACAs).

In addition, the RME tracks and reports status, and brings any obstacles that may impact the completion of the ACA to the attention of the Project Manager and Team Lead in a timely manner. The RME ensures that ACA packages are submitted to the State Department Information Assurance (IA) Office and follows up to ensure IA approval of ACAs prior to fiscal year end. The RME has the roles indicated below and completes any other duties as assigned by the Project Manager (including RMF 1-3 duties):

The Risk Management Engineer is responsible for conducting and completing Annual Control Assessments (ACAs) for all Department of State Consular Affairs (CA) / Consular Systems and Technology (CST) Automated Information Systems (AIS) as part of continuous monitoring. This responsibility requires the engineer to complete work in a timely manner, conduct technical testing (e.g., verification of security compliance in Internet Information Services [IIS], Oracle and MS SQL Server databases, Windows and Linux platforms), and interview various government employees and contractors.

This position requires a working knowledge of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A and previous experience with the technical security testing of various types of software. The RME should be familiar with Commercial-Off-The-Shelf (COTS) products used to facilitate the Assessment and Authorization (A&A) of systems. The RME is responsible for entering all ACA results into the Consular Affairs Certification and Accreditation Management System (CACAMS) COTS application and creating the Plan of Action and Milestones (POA&M) items that result from the ACA so that they are actionable with realistic dates.

The RME also has the POA&M reviewer role, which is responsible for analyzing and assisting in the remediation of all Plan of Action and Milestones (POA&M) items for all systems within CA/CST. This responsibility includes identifying, with the stakeholder, POA&M items that can be resolved, gathering artifacts, and reporting open and closed POA&M items in a clear and concise manner. The POA&M reviewer interacts with various teams, including government, operations, and development, to reduce the number of findings. The POA&M reviewer also conducts POA&M reviews of Certification findings prior to submission to IA.

Qualifications

Must have an Active Top Secret Clearance

REQUIRED QUALIFICATIONS

EDUCATION:

* CAP Certification (Must obtain within 6 months of being hired)

* Bachelor's or Master's degree in Computer Science, Information Technology, or related field.

Technical Skills:

* Able to navigate through the operating system (OS)

* Able to run and/or create SQL scripts

* Able to review and interpret scan results

* 5-10 years relevant experience

* 2 years of experience within the field of IT security.

* Proficient writing and communication skills.

* Knowledge of FISMA Compliance and NIST guidelines including Risk Management Framework, SP 800-53, and SP 800-53A.

* A technical understanding of IT security as it relates to network, application, and database security.

* Knowledge of security compliance processes.

* Ability to complete manual checklists (IIS, SQL, Linux, Oracle, etc.).

PREFERRED QUALIFICATIONS:

* CISSP or other related IT security certifications.

Company Information

Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People...Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.

We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.

As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.

OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.

Occupations

Program Management  

States

VA  

Security Clearance

Active Top Secret
