Job Title: Security Engineer
*W2 only*
Clearance: Must be a U.S. Citizen with the ability to obtain/maintain a DHS Public Trust.
Multiple openings and skill levels.
Job Description
- Providing security technical expertise for processes and procedures across the program
- Providing technical expertise for all program security matters in technical domains such as network protocols/security, hardware security, software engineering, virtualization, and operating systems
- Providing technical expertise and management in order to maintain DHS Authority to Operate (ATO) of the program.
- Applying their in-depth knowledge to scrutinize the security architecture, implementation, deployment, and operations of the program and define/implement plans of action, processes, and procedures.
- Evaluating the security of the program in order to satisfy DHS security controls, program requirements, and prevent attack, damage, or unauthorized access
- Participating in operational security tasks such as Incident Response, System Monitoring, and Continuous Monitoring practices
Required Skills:
- US citizenship with ability to obtain Public Trust Suitability
- 5 – 10 years of experience
- In-depth understanding of general information security concepts and principles, system architectures and development, network protocols, etc.
- In-depth experience with supporting system DHS Authority to Operate (ATO) processes and creating artifacts, control implementation details, and POAMs
- In-depth experience with Information Security Continuous Monitoring (ISCM), RMF automation, and Comply to Connect
- In-depth experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes.
- Experience scrutinizing and providing solutions to ensure code in CI/CD pipelines adheres to ATO security requirements.
- Experience implementing industry standard security best practices for Kubernetes and Docker.
- In-depth experience with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) criteria.
- In-depth experience with relationship building and maintenance as it relates to internal and external team members, certification authorities, ISSOs and ISSMs and customers
- Ability to analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
- Ability to analyze vulnerability assessment data to identify technical risks to the organization
- Ability to work across multiple disciplines
- Eagerness to dig into technical questions and problems, enthusiasm, good customer interface skills, positive attitude, strong communication skills (written and verbal), and effective teamwork and technical collaboration skills
- Experience with DHS Programs and the DHS Systems Engineer Lifecycle (SELC)
- Note: Fairfax, VA office with option to work remotely
Desired skills:
- Security testing of IT products
- Knowledge of network protocols (e.g. TLS/SSL, SSH, IKE, SRTP, SNMP)
- Knowledge of information security (e.g. authentication, access control, network security)
- Knowledge of cryptography and the FIPS 140-x family of standards
- Experience performing gap analysis using the AWS Well-Architected Framework.
- Hands-on experience configuring AWS security tools.
- Knowledge of the Common Criteria family of standards
- Knowledge of the US security testing programs and evaluation schemes, and of the applicable requirements and standards relevant to them
- Experience with configuration and maintenance of IT Service Management (ITSM) tools such as Atlassian Jira in a production environment supporting Event Management, Incident Management, Problem Management, and Change Management
- Experience implementing and executing work using the Scaled Agile Framework (SAFe)
- Experience with supporting the ELK (Elasticsearch, Kibana, Logstash) Stack in non-production and production environments
- Experience with a SIEM tool such as Splunk desirable (i.e. creating queries, dashboards)
- Experience using Regex in searches to extract data from log files being ingested into a SIEM tool such as Splunk.
- Familiarity with web-app security tools (like BurpSuite) to perform web-app scans and perform manual validation if necessary.
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at employeeservices@apexsystems.com or 844-463-6178.