We are looking for a full-time Senior Cyber Security Engineer to support our Federal Client in the Alexandria, VA office. As the Senior Cyber Security Engineer, you will be responsible for protecting system boundaries and ensuring that IT systems, applications and network devices are hardened against threats. The position supports the SOC as an advanced escalation point, identifying and addressing potential information security incidents. You will utilize your exceptional communication skills to interact with both technical and non-technical colleagues within the organization.
- Responsible for the engineering, design, implementation, maintenance, analysis, and administration of security technologies
- Remain current on cyber security trends and intelligence in order to guide the security analysis & identification capabilities of the SOC team.
- Perform threat, vulnerability, risk assessments, and investigations.
- Participate in security requirements, network design reviews, and security testing for network, systems, and applications.
- Coordinate with systems, network and development teams to ensure network security standards are being followed and implemented correctly.
- Evaluate new security technology & emerging threats and provide recommendations to strengthen the information security environment.
- Develop and carry out information security plans and policies
- Develop strategies to respond to and recover from a security breach
- Develop, configure, and implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
- Awareness training of the workforce on information security standards, policies and best practices
- Implement protections (e.g., firewall blocks, AV rules, creation of IOCs)
- Installation and use of firewalls, data encryption and other security products and procedures
- Conduct periodic network scans to find any vulnerability and ensure compliance
- Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior
- Investigate security breaches
- Lead incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
- Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SIEMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
- Knowledge of email security gateway, cloud and virtual technologies.
- In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
- Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
- Knowledge of the HTTP protocol, including analyzing the request/response.
- Demonstrated experience with commercial and open source testing and auditing tools such as Paros, Burp, nmap, and Metasploit.
Skills and competencies
Key technical skills include:
- Expertise in anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods
- Expertise in designing secure networks, systems and application architectures
- Disaster recovery, computer forensic tools, technologies and methods
- Planning, researching and developing security policies, standards and procedures
- Expertise with mobile code, malicious code, and anti-virus software
The IT security engineer should also have experience with and knowledge of:
- Configuration of endpoint security solutions, including file integrity monitoring and data loss prevention
- Automating security testing tools
- Email Security Gateway tools
General skills include:
- The ability to multi-task
- A keen eye for detail
- Strong organizational skills
- The ability to thrive in fast-paced, high-stress situations
- The ability to effectively communicate security issues to peers and management
Required education and/or certifications
- A B.S. in Computer Science or related field, or equivalent experience
- At least 5 years of industry experience in a security engineering function
- At least 8 years of information security experience with a focus on network, application and architecture
- Security+ Certification
- CEH – Certified Ethical Hacker (CEH)
- ISSAP – Information Systems Security Architecture Professional (ISSAP)
- ISSEP – Information Systems Security Engineering Professional (ISSEP)
- Linux+
Job Type: Full-time