Security Engineer

Overview

JOB TITLE: Senior Security Engineer

POSITION INFORMATION : Full-Time Position

LOCATION: Rockville, MD, onsite

POSITION TIMING: Employment is contingent upon obtaining a Public Trust clearance prior to start; processing typically takes 2-3 months.

BENEFITS: Health, Dental and Vision, 401(k), Flexible Spending Account (FSA), 11 Paid Federal Holidays, PTO, education reimbursement

ITC Federal is an information technology and consulting company focused on servicing the needs of the Federal Government. ITC's mission is to apply earned expertise in information technology and information assurance/security to assist this client in achieving its mission. ITC is located in Fairfax, VA and offers outstanding compensation and benefits plan and a challenging and rewarding professional work environment.

Responsibilities

RESPONSIBILITIES:

• Develop and implement internal System Security Plan (SSP) and Security Assessment Plan (SAP)
• Evaluate the effectiveness of security controls, and develop findings and remediation recommendations i.e. Plan of Action and Milestones (POA&Ms)
• Develop and implement security and compliance audit logging and monitoring
• Implement and maintain security compliance and security monitoring technologies
• Monitor security events and respond and/or coordinate response and mitigation efforts
• Perform system architecture security risk and waiver assessments and propose mitigation plans
• Perform Security Impact Assessment (SIA) for proposed system change requests
• Perform vulnerability assessment and vulnerability remediation/mitigation research
• Monitor patch and security advisories releases and review and develop deployment plans
• Develop and implement security policy, processes, procedures, and guidance documentation
• Provide security guidance to drive infrastructure decisions in collaboration with other technical and management stakeholders to ensure security policies and principles are being upheld
• Engage in ongoing research of new and emerging security technologies that may benefit the security posture of strategic goals
• Work closely with senior management, systems operations staff, software development staff, support staff, 3 rd parties and end-users to ensure rapid resolution of security issues.
• Support others in analyzing and resolving difficult technical problems.
• Conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established NIST policy and industry guidelines.
• Performs other security related duties as required.

Qualifications

REQUIRED KNOWLEDGE, SKILLS AND ABILITIES:

• Bachelor of Science in Computer Engineering / Computer Science with 4-7 years' experience.
• 3+ years of experience system architecture design with experience providing security integration.
• 2+ years of experience working with virtualization technologies.
• 1+ year of working with cloud services and/or collaboration with cloud service providers.
• One or more of the following certification: MCSA/MCSE, CCNA Security, GSEC, GCIA, GCIH, CISA, CISM, CCSP, CAP and/or CISSP.
• In-depth understanding of access control, authentication and authorization, security auditing, and security configuration technologies.
• In-depth understanding of standard Internet protocols (i.e., FTP, HTTP, DNS, DHCP, RADIUS, SNMP, and SMTP).
• In-depth understanding of security and compliance best practices and standard (i.e., FISMA, FedRAMP, CIS Benchmarks, DoD STIGs, SCAP, NIST SP800-53/39/37, ISO 27001/27002).
• Recent hands-on experience or familiarity implementing IT security equipment (Governance Risk and Compliance Tools, Firewalls, Intrusion Detection Systems, Vulnerability Scanners, Virtual Private Networking, virus protection technologies, and Log Management solutions, Security Information and Event Management Solutions).
• Familiarity or experience with the following types of appliances/ tools a plus: Tenable Security Center/ Nessus, Web Inspect, LogRythm, BigFix, SentinelOne, Active Directory, Palo Alto Firewall, Juniper SRX Firewall, Cisco, Global Protect.
• Ability to perform risk assessments and build risk mitigation plans.
• Strong organization, written and oral communication skills.
• Strong ability to function independently or as a part of a large, integrated cross-functional team.
• Intellectual curiosity and a willingness to learn new things
• Experience working in a dynamic lab environment preferred
• Experience with FISMA Compliance/ NIST Risk Management Framework (RMF) contracts preferred

WORK ENVIRONMENT AND PHYSICAL DEMANDS: Candidate must be able to function in general office environment.

ITC Federal is an equal opportunity employer and will not discriminate against any application for employment on the basis of age, race, color, gender, national origin, religion, creed, disability, veteran status, marital status, sexual orientation, genetic information, military status, disability, or sex including pregnancy and childbirth or related medical condition or on any other basis prohibited by law.