Posted today
Secret
Unspecified
Unspecified
IT - Security
Scott AFB, IL (On-Site/Office)
Responsibilities
OBX is staffing for a Security Engineer II to work on the PEO-T contract for USTRANSCOM.
The tasks for this person will be, but not limited to, the following:
Qualifications
Clearance Requirement: Must have an active Secret Clearance
1-3 years relevant experience in the following:
Required Education/Certification
Security Clearance
Secret
Company Information
Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People...Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.
We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.
As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.
OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
OBX is staffing for a Security Engineer II to work on the PEO-T contract for USTRANSCOM.
The tasks for this person will be, but not limited to, the following:
- Reviews evolving NIST requirements to support risk assessment activities associated with the affiliated system requirements and specifications.
- Prepares detailed specifications from which cybersecurity deficiencies identified during risk assessment will be mitigated/remediated and conducts follow-up risk assessment to ensure proper secure coding practices are being built-in/enforced to the greatest extent possible.
- Collaborates closely with government customers to develop appropriate POA&Ms and support risk acceptance activities as needed to support risk management processes.
Qualifications
Clearance Requirement: Must have an active Secret Clearance
1-3 years relevant experience in the following:
- Experience reviewing vulnerability scans using SAST (Static Application Security Testing) tools, analyze outputs to identify vulnerabilities, and recommend mitigation and remediation actions
- Knowledge of multiple programming languages (e.g., Java, C#, Python, .NET, SQL)
- Experience with threat modeling and presenting findings/recommendations to lead stakeholders.
- Thorough understanding of CI/CD pipeline components, containerization technologies (e.g., Kubernetes, Docker, etc.,) and microservices architecture.
- In-depth knowledge of critical application security vulnerabilities and OWASP Top 10
- Experience with following static code analysis tools: SonarSource, OpenText SAST, and TruffleHog.
- In-depth knowledge of DevSecOps practices and principles
- Solid understanding of system and network security, authentication protocols, and cryptography.
- Ability to communicate with development teams on mitigation and remediation of vulnerabilities and security control implementation.
- Ability to work in a fast-paced environment and possess excellent communication skills.
- Experience with security lockdown and/or hardening of servers and network devices
- Possess skills to conduct Technical Reviews of Development Contractor produced security deliverables
- Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues
- Experience participating in Technical Interchange Meetings on a wide range of PMO security engineering topics
- Experience providing support to ensure PMO systems are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOW regulations, USTRANSCOM requirements, and commercial best practice
- Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements
- Experience supporting operational security activities (e.g., researching coding languages, vulnerabilities associated with secure coding practices, etc.)
- Experience supporting the Customer through critical review of documented DISA STIG/SRGs (e.g., Application Security and Development) and ingesting them in the government-supplied tools to support risk assessment of the NIST controls.
Required Education/Certification
- Active IAM II Certification in Good Standing (e.g., CGRC (formerly CAP), Security X (formerly CASP+CE), CISM, CISSP (or associate), GSLC, CCISO)
- Bachelor's in Computer Science or Cybersecurity or equivalent
Security Clearance
Secret
Company Information
Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People...Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.
We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.
As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.
OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
group id: 10375429
N
