Security Engineer Details

Security Engineer

Zermount Inc. - Washington, DC

Employment Type : Full-Time

SUMMARY:

As the Security Engineer, team’s main point of contact for all technical IT Security solutions, new risks and threats, secure system configurations, architectures, and technical designs and implementations. Support integrated and dynamic defense and IT Security solutions to deliver vulnerability management services, including leveraging network scanning tools to identify vulnerabilities, employ mitigations, and ultimately remediate system deficiencies. Responsible for the research of new threats and vulnerabilities and brief Chief Information Security Officer (CISO) and other Service Unit Directors, to keep the client updated with the latest risks. Development and updating of documentation such as configuration management guides, technology administration guides and Standard Operating Procedures (SOP’s) is required.

The Security Engineer and execute the following activities are conducted: Application Security Assessments; development of Hardening Guides and Secure Baseline Configuration (SCB’s); Vulnerability assessments, database scans, secure code analysis, web application scans, penetration test and Security Controls Assessments (SCA’s) are successfully performed and the appropriate level of analyst are performed for systems and applications. The Security Engineer / technical Lead will develop, oversee, and manage all testing schedules and ensure staff is fully and appropriately utilized, deliverables are submitted, and deadlines are met.

The Security Engineer evaluate security products (new and existing) to ensure proper functionality, configuration, implementation and usage, eliminate duplication of tolls, recommend new tools, and ensure compatibility with information security policy. Performs routine audits and vulnerability scans to ensure compliance with security policy. Participates in audits or reviews of desktop systems, operations methods, and assessment risks. Assist with the development of policy related to IT Security.

Develop, submit and brief Weekly and Monthly Status Reports on all activities and conducted briefings for client and team, as necessary. Manage, communicate, and contribute to the expansion, growth, and success of the IT Security Program.

ESSENTIAL FUNCTIONS:

• Develops, manages and executes technical testing team schedule, ensure proper level of analysis is conducted, reports are developed and submitted, deadlines are met, and provide technical guidance, solutions, mitigations and solutions.
• Recommend secure architectures, designs and configurations for systems and applications.
• Execute hands-on security testing (vulnerability, web application, code, database, applications, SCA, and penetration) is conduct within the client’s environment as captured in the client’s Technical Reference Model or according to best practices.
• Review requests from the Configuration Control Board and client and provide IT Security analysis and recommendations.
• Research, and planning of new IT Security technologies through the SDLC.
• Performs research and provides technical solutions and recommendations.
• Tools and Technologies are properly configured, implementing, operating, and used.
• Ensure all members of the team, are properly and fully utilized, and performing to meet or exceed client and executive managements expectations.
• Develop and update procedures, workflows, configurations guides, administration guides, and SOP’s, as required.
• Develop and provide status reports and briefings as required.

QUALIFICATIONS:

Required Skill and Experience:

• A minimum of five (5) years of demonstrated experience in the Cybersecurity field.
• Demonstrates successful leadership and management skills.
• Demonstrates a proficiency with security tools and technologies.
• Depth of experience with multiple operating systems (e.g. Windows, Linux, and Mac).
• Experience with multiple data bases (e.g. SQL, MySQL, and Oracle).
• Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities.
• Technical experience with conducting and reviewing security, configuration and vulnerability scans, analysis techniques, and mitigation solutions.
• Possess expertise in security engineering principles, conducting security testing, analytical skills, and developing effective reports.
• Working knowledge of Security principles, techniques and technologies.
• Good understanding of network protocols, design and operations.
• Strong analytical skills and efficient problem solving.
• Experienced writing security related procedures and guidelines.
• Experience with NIST Special Publications and guidance.
• Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
• Excellent communication (written and verbal) skills

Education:

• Bachelor’s degree or higher in computer science, Information Technology, Information Security, or similar fields. (recommended)
• Associates degree (acceptable), with a minimum of seven (7) years of operational experience in field.

Certifications:

• A minimum of at least one (1) certification must be active relating to information security such as:
  • Certified Information Systems Security Professional (CISSP);
  • GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)
  • CompTIA Security +
  • CEH

Clearance:

• Public trust

Work Location and Hours:

• Currently off-site / May require client site support after the government re-opens
• Location: Washington DC
• Business Hours: 7:00 am – 7:00 pm
  • Core Hours: 9:00 am – 3:00 pm

Powered by JazzHR

7rb4Rdo3Gk