Amyx is seeking to hire a Lead Information Security Engineer located in Washington, D.C. This position will support our SEC client.
Responsibilities and Daily Tasks:
The U.S. Securities and Exchange Commission (SEC), Office of Information Technology (OIT), Information Security Office, requires information security services for any and all emerging IT components, IT services, and ancillary elements as they arise, as required to achieve the agency’s mission. These services include, but are not limited to, the following:
- Privacy Compliance and Testing
- Governance, Risk, and Compliance (GRC) services
- Security Assessment and Authorization (SA&A)
- Continuous Diagnostics and Mitigation (CDM)
The Lead Information Security Engineer will be responsible for organizing, directing, and managing a team of IT professionals implementing a NIST Risk Management Framework compliant program. The Lead Information Security Engineer will provide direction of program activities and be responsible for constructing and executing project schedules, reporting progress to the Program Manager and Government on a regular basis.
Required Skills and Qualifications: (examples of what is needed below)
Education: Bachelor’s degree or equivalent professional experience in the field of information security, computer engineering, information systems, telecommunications, or related technical or functional discipline.
- Minimum of four (4) years of experience in the following:
- On-site project lead for information technology security engineering projects serving as the interface and on-site point of contact with Contracting Officer’s Representative (COR) for program/project operations.
- Organizing, directing and coordinating with the Program Manager and COR in the planning and production of all contract and subcontract support activities.
- Supervising program/project operation by developing engineering, technical and management procedures and controls, monitoring, and reporting progress.
- A minimum of eight (8) years of relevant work experience in the area of information/cyber security engineering or security operations, including hands-on experience with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools.
- Two (2) or more years of experience in the design and implementation of enterprise-wide security controls to secure systems, applications, network, or infrastructure services.
- Specialization in at least one of the following fields with four (4) or more years of experience:
- Building and administering security devices such as network firewall, web proxy, data loss prevention systems, and intrusion prevention systems.
- Building and administering Windows Server and Active Directory.
- Building and administering Linux/UNIX based systems.
- Building and administering Network devices (e.g., Cisco, Juniper).
- Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Conducting database security assessment and monitoring.
- Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
- Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit.
- Demonstrated understanding of TCP/IP networking concepts and DNS.
- Experience with public cloud services providers such as Amazon AWS or Microsoft Azure.
- Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.
Professional Certification: Maintain at least one current professional certification. Acceptable certifications include: Any SANS GIAC Security certifications (Administration, Software, Forensics, or GSE Expert), ISC2 CISSP, or any security systems vendor administration-level certifications.
Desired Skills and Qualifications:
- PMP Certification preferred or equivalent work experience (4+ years management experience).