Senior Security Engineer

Zermount
Full-time
On-site
United States
Cybersecurity

SUMMARY:

We are looking for a highly talented, hands-on technical Senior Security Engineer to develop and implement strategies to protect computer systems, networks, and other digital assets from malicious attacks. The engineer works with a team of IT professionals to design and implement new security measures or update existing ones, and leads the development of new security measures designed to patch holes and keep sensitive data safe.

DUTIES AND RESPONSIBILITIES:

  • Develop and integrate with other Cybersecurity workflows, to include: ATO Intake, assessment, and Vulnerability Scanning processes.
  • Perform security reviews based on RMF controls compliance, clients, and security best practices.
  • Provide security input on Cloud Center of Excellence (CCOE) and Cloud Advisory Council (CAC) agenda items by participating in technical working groups, providing security analysis, and providing recommendations.
  • Perform architecture design reviews, including configuration and log reviews, and perform network traffic analyses.
  • Produce a SAR Report to include HVA's architecture strengths and findings.
  • Design and deploy native Cloud security services in AWS, Microsoft Azure, and Google Cloud.
  • Perform proof of value of Cloud-native, COTS, 3rd party, or open-source security capabilities through hands-on deployment and evaluation against security requirements.
  • Develop scripts or code to perform Cloud Security assessments through Cloud native API or SDK.
  • Develop enterprise cloud security blueprints to include security in Infrastructure as Code (IaC templates).
  • Analyze the impact of emerging technologies on existing security systems and identify potential risks.
  • Research new and emerging security practices and capabilities such as AI/ML to address compliance and mitigate security risk.
  • Improve Cloud Security monitoring to include ingestion of logs such as: API, application/database, and flow logs into SIEM.
  • Increase Cloud vulnerability coverage at the Operating System (OS), application code, and infrastructure levels.
  • Develop architecture for integrating findings into a centralized dashboard that allows product owners direct access to their team's specific systems or cloud account findings.
  • Work with Cybersecurity Authorizations and Compliance Branch (CACB) to:
      • Conduct studies and analysis of proposed operations modifications.
      • Provide end-to-end architecture tradeoff assessments.
      • Develop strategic and tactical plans.
      • Conduct evaluation of new program requirements.
      • Investigate and develop new technologies for possible operations modifications.
      • Develop standards and solutions to meet the client's requirements.

REQUIRED SKILLS:

  • High level of attention to detail, needs minimal guidance, effective verbal and written communication.
  • Equally adept at strategic planning and operational/technical level.
  • Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.
  • At least 5 years (preferred 10 years) of network, systems, and applications experience:
      • LAN/WAN, WAF/CDN/DDoS, Network Firewalls, IDS/IPS.
      • Virtualization, hypervisor security, container security.
      • Application development, serverless security, microservices, CI/CD.
  • At least 5 years of designing and/or implementing security in Cloud (AWS, Azure or GCP optional):
      • Multi-Cloud, Hybrid Cloud, IaaS, PaaS, SaaS, shared responsibility model.
      • AWS IAM, KMS, S3, RDS, SNS/SQS, Organizations, GuardDuty, Security Hub, Detective, Config, CloudTrail, CloudWatch, Lambda.
      • Azure E3/E5, Active Directory, Blob, Azure Security Center, Key Vault, SSE, Monitor, Log Analytics, Policy.
  • Experience with DevSecOps strategy and implementation, and with designing architecture in accordance with RMF, CSF, FISMA, and FedRAMP.
  • Familiarity with: ZTNA and SASE Framework, ICAM (Okta), CWPP, SOC Operations, Vulnerability Threat Management, and Compliance.
  • At least 2 years working in or managing Agile DevOps, Scrum, Kanban.

  • Cloud architecture
  • Architecture experience
  • Networking experience
  • Network Security / Cyber Security experience

Education:

Candidate must have a Bachelor of Science (or higher) in one of the following: computer engineering, computer science, information technology, or cyber security. The resume may reference another major, so long as the resume is clear that the degree addressed, at a minimum, one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems or information technology.

CERTIFICATIONS:

Certified Information Systems Security Professional (CISSP) is . Certifications to include one or more of the following: Certified Cloud Security Professional, AWS Certified Solutions Architect Associate, AWS Certified Security Specialist, Microsoft Azure Solutions Architect, Google Professional Cloud Architect.

Clearance:

Public Trust

Work Location and Core Hours: Washington, D.C. Metro area, Full-Time