We are seeking a senior Cyber/Information Technology (IT) Security Engineer to join our team. This individual will assist the Information Systems Security Officer (ISSO) in leading or conducting enterprise-level Security Engineering tasks and be part of a large program in support of the IT infrastructure including help desk, systems, network, and security services.
- Assist in analyzing, tracking of systems, networks, applications and their vulnerabilities by reviewing scan reports and working with the relevant parties to get the vulnerabilities remediated.
- Develop proactive Tenable Security Center processes and procedures to advance the vulnerability management program.
- Provide advice and guidance to the ISSO and other divisional security key stakeholders on how to improve IT security.
- Coordinate with technical leads in different divisions on implementation of effective vulnerability management projects that require compliance with relevant government policies or standards.
- Assist in coordination, implementation, communication, and enforcement of the IT security policies procedures, and standards.
- Advise on the development and design of methodologies to conduct business case analyses of the information security infrastructure.
- Support the analysis, investigation, and closure of audit findings from FISMA security audits, the Independent Verification & Validation (IV&V) and the Continuous Controls Assessment (CCA) engagements.
Required qualifications include:
- Performing vulnerability scanning using Tenable Nessus, Tenable SecurityCenter (SC), and vulnerability analysis and reporting, to various IT groups and management.
- Strong understanding of Linux and Active Directory.
- Understanding Continuous Monitoring (CM) requirements.
- Expert knowledge of IT security vulnerabilities and risk assessments with the ability to explain the risks associated with them to executives, program, and technology staff.
- Ability to work with program staff, executives, and technology staff to achieve IT security goals and objectives.
- Working experience in applying FISMA, and FedRAMP processes and policies to information systems.
- Bachelor’s degree and 6+ years’ related experience (or equivalent combination of education and experience).
- Certifications: CISSP (or ability to obtain one within 6 months).
- Excellent oral communication, writing, problem-solving skills, and attention to detail.
- Experience with major components and architecture of Tenable SecurityCenter (SC), Nessus Manager, scanners, agents, and Tenable.io.
- Understanding of the Secure Software Development Life Cycle.
- Experience with Secure Information Systems processes on AWS.
- Experience with analyzing SIEM events and logs from Splunk for any existence of security incidents is helpful.