Not Authorized
You are currently not authorized to access this section.
Please contact your Administrator to change your authorization settings.
Please contact your Administrator to change your authorization settings.
Security Engineer III
Washington, DC
Job Description
Requisition #: 290
Job Title: Security Engineer III
Location: 1155 21st St NW Washington, District of Columbia 20581
Clearance Level: Active DoD - Public Trust
Required Certification(s):
* Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.)
SUMMARY
XOR Security, an Agile Defense Company is currently seeking a talented Senior Network Security Engineer to support Agency-level Cybersecurity Program to streamline the current Architecture and Engineering approach with a focus on roadmap planning. The ideal candidate enjoys activities defined to be "as is" and "to be" architectures including the business, data, application and technology layers along with a high-level implementation plan.
The ideal candidate will play a pivotal role in shaping the CFTC's cybersecurity strategy, providing support to understand and develop system requirements and technical solutions based on the CFTC system architectures as follows: Support the maturation of CFTC's enterprise architecture to align with the: Commission's information security and risks to the organizational operations, organizational assets, and individuals You will support the government in all aspects of planning, designing, implementing, optimizing, and troubleshooting the network security system to improve the organization's efficiency and resiliency. You will further support the government in protecting the network from threats that could attack it, including existing dangers, mishaps, and malicious attacks. You will develop alternative system designs and architectures and consider trade-offs between security requirements, functional/operational requirements, and cost. You will review and describe the impact of new or changing federal policies. You will review and describe the impact of new or revised legislation and regulations (OMB, DHS, FISMA, and more). In coordination with Enterprise Architecture and the Architecture Review Board, you will provide cybersecurity engineering expertise to conduct technical analysis of board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms. As a cybersecurity engineer, you will be at the forefront of technology, conducting research and presenting analyses to evaluate and/or identify and describe emerging industry technology trends, government agency best practices, and security issues.
JOB DUTIES AND RESPONSIBILITIES
* Excellent communication skills, facilitating activities across organizational boundaries and communicating with technical staff, line management, and senior executives.
* Provide technical representation in cross-organizational meetings, including external vendor meetings, architecture review boards, change control boards, and project team meetings.
* Demonstrate ability to work with project leads and developers to identify change scopes and requirements, manage code, schedule code deployment activities, deploy code, and validate satisfactorily met requirements.
* Demonstrate an ability to simplify complex problems using innovative concepts and automation methods.
* To be successful in this role, you must have a hands-on security engineering and networking background, such as deploying applications in an enterprise environment, networks, routers, switches, and firewalls.
* You must understand various identity services, networks, processing platforms, operating systems, middleware, web services and applications, data technologies, and security technologies.
* Work cross-functionally to understand CFTC's use of IoT, ICS, VOIP, VTC technologies, AWS, Azure, and ServiceNow cloud environments.
* Must remain knowledgeable on converging zero trust concepts, capabilities, and technologies.
* Must remain knowledgeable of Cloud Service Providers (Azure, AWS, ServiceNow, M365, other SaaS environments), their service offering, and security best practices for each service offering.
* Must remain knowledgeable on existing FedRAMP IaaS, PaaS, and SaaS and converging FedRAMP Ready service offerings.
* Must remain knowledgeable of Laws, regulatory requirements, DHS directives, and agency policies, demonstrating an ability to apply the context of assigned job responsibilities.
* Must remain knowledgeable of Cybersecurity and Infrastructure Security Agency (CISA) frameworks and models, ensuring security requirement alignment to implemented technologies.
* Must remain knowledgeable of NIST standards and ensure standards are adhered to for new technologies and products.
* Must maintain an ability to perform security assessments of a wide array of environments, technologies, and products.
* Must demonstrate an ability to assess planned technology changes and determine interdependencies and impact on interconnected components.
* Must demonstrate an ability to identify relevant security controls impacted by each change and prescribe security methods and mechanisms.
* Must demonstrate an ability to identify potential threats associated with technological changes and articulate threat mitigations.
* Must demonstrate an ability to identify risks associated with technological changes and articulate those risks.
* Must demonstrate an ability to identify vulnerabilities associated with technological changes and articulate prescribed mitigations.
* Must demonstrate an ability to manage firewalls and ensure rules are configured to prevent violability of the network explicitly.
* Must demonstrate the ability to work with engineering team members to analyze, verify, and divest potentially no longer needed rules.
* Must demonstrate the ability to use Visual Studio Server and follow detailed instructions for code deployments into production environments.
* Must demonstrate the ability to use security tools to identify weak ciphers and coordinate with project teams to divest weaker ciphers and replace them with current ciphers in support of Post Quantum Cryptography efforts.
* Must demonstrate an ability to use security tools to:
* Identify the assets within system boundaries, verify ports protocols and services, verify security controls and posture, and implement security mechanisms.
* Validate architectural changes, identify external communications paths and internal communications dependencies, validate system compliance and vulnerability findings, and validate credentialed access to information systems and components.
* Must demonstrate ability to facilitate working groups with system owners, project teams, information system security officers, and security control assessors.
* Must demonstrate the ability to provide comprehensive and accurate assets, ports, protocols, services, and architecture diagrams as evidentiary artifacts to support system boundaries.
* Must demonstrate the ability to extract, munge, and analyze large amounts of data from security and network management tools.
* Must demonstrate advanced ability to work with APIs, Excel, PowerBI, and other tools to render data into visualizations that are comprehensive and easy to understand.
QUALIFICATIONS
Required Certifications
* Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.)
Education, Background, and Years of Experience
* Bachelor's Degree required (preferred Computer Science, Data Analytics, Business Information Systems, Mathematics, Statistics, or equivalent).
* Seven (7) years or more direct, hands-on, experience and expertise in a specific domain area.
ADDITIONAL SKILLS & QUALIFICATIONS
Required Skills
* Serves as subject matter expert, possessing in-depth knowledge of a particular area, such as information security, cloud security, systems engineering, big data, or the various sciences related to enterprise technology.
* Provides technical knowledge and analysis of highly specialized applications and operational environments, high-level functional systems analysis, design, integration, security, implementation advice on exceptionally complex problems that need extensive knowledge of the subject matter for effective implementation.
* Participates as needed in all phases of system and software development with emphasis on the planning, analysis, security, testing, integration, documentation, and presentation phases.
* Applies principles, methods and knowledge of the functional area of capability to specific task order requirements, advanced software, systems and security principles and methods to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications to arrive at automated solutions.
Preferred Skills
* Visual Studio, C#, Scripting (Bash, Batch, WMI, PowerShell, KQL)
* Familiar with Network Protocols (SSH, Secure FTP, TLS/SSL) and network encryption algorithms.
* Strong Excel background using VLOOKUPS and other functions to parse and aggregate data.
* Strong research and presentation skills
* Ability to facilitate meetings and discussions for an audience with a wide range of technical skills (from very technical-to-no technical background).
* Familiar with network security tools like (ExtraHop, Sentinel, CrowdStrike, and more)
WORKING CONDITIONS
Environmental Conditions
* Contractor site with 0%-10% travel possible. Possible off-hours work to support data updates. General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. The onsite working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work onsite is generally performed within an office environment, with standard office equipment available.
Strength Demands
* Sedentary - 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Physical Requirements
* Stand or Sit; Repetitive Motion; See
At Agile Defense, we know that our employees are our most important asset. We believe in our responsibility to our fellow employees, customers, company, and to our country. We promote teamwork, integrity, and creativity; we expect our fellow employees to also live these values.
Agile Defense, Inc. does not discriminate in practices or employment opportunities on the basis of an individual's race, color, national or ethnic origin, religion, age, sex, gender, sexual orientation, marital status, veteran status, disability, or any other proscribed category set forth in federal or state regulations.
Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Experience
7 years
Email this Job to Yourself or a Friend