Mid-Senior Information System Security Engineer 124-001

Mid-Senior Information System Security Engineer:

Supports the technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations and recommends mitigation strategies. Maintains understanding of current DoD cybersecurity policy, procedures, and requirements. Supports implementation and maintenance of software and hardware solutions that enable compliance with cybersecurity requirements. Supports the development of documentation and supports the customer and third-party evaluators in support of system accreditation.

Duties:

• Perform security analysis to determine gap, compensating/mitigating controls, and residual risk.
  
• Identify security risks through the security impact analysis, system risk assessments and technology security risk reports.
  
• Employ scripting tools such as python, shell, PowerShell, ansible, and terraform to automate auditing and hardening actions. Experience with virtual machines and containerization a plus.
  
• Troubleshoot and remediate issues arising from cybersecurity components (IDS/IPS, firewall, log aggregation, etc.) in a heavily Linux environment. Experience with RHEL and basic networking a plus.
  
• Apply knowledge of security principles, policy, and regulations related to NIST 800-53.
  
• Conduct security compliance evaluations on IT products to create secure configuration guidelines and baselines based on DISA STIG/SRGs and organizational standards.
  
• Perform security evaluations using tools such as Tenable Nessus, Nmap, Wireshark, Metasploit, and container vulnerability scanners.
  
• Develop secure configuration guidelines and perform security compliant evaluations on various IT product types: Operating Systems, Network Devices, Databases, Cloud Applications, etc.
  
• Organize, develop, and present security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on security assessments, whitepapers relating to computer and network security technologies and tools.
  
• Effectively and efficiently communicate and collaborate with external and internal customers of any hardware and software configuration changes that adversely affect any current system security and their configurations or violates policy.
  
• Implement the Cyber Security requirements of IT systems and applications documenting them in formal security engineering documents using Risk Management Framework and supporting artifacts associated with risk assessments. Experience with eMASS a plus.
  
• Implement IT security solutions and assures successful implementation. Experience with CI/CD a plus.
  

Education and Experience:

• High School or GED equivalent.
  
• 3-5 year relevant experience.
  

Training and Certifications:

• Security+ (Required)
  
• CISSP (Optional)
  

Security Clearance:

• Active TS SCI (Need to be willing to take a polygraph if needed)