Security/ Cyber Security Engineer

Contract to HireJob Description:

• 8+ years of development experience in designing and implementing software systems in Java, building highly reliable and mission-critical software.• 5+ years of work experience in designing and implementing security solutions for applications and distributed systems.• Development work experience and excellent understanding in mitigating OWASP Top 10 attacks on applications, cryptography, key management, PKI, TLS/SSL, DDoS mitigation, authentication, authorization & application security.• Strong understanding of secure engineering concepts such as secure coding practices and secure code reviews and the ability to identify, mitigate and prevent threat vectors.• Excellent grasp of software engineering principles.• Understanding of cloud computing (specifically IaaS) and some key deployment patterns across AWS, Google Cloud Platform, and Azure.• Understanding of SSH/RDP and how engineers access servers. • Understanding the Privileged Access Management market, and how customers are using these products today.• Successful candidate will understand the Risk Management Framework (RMF) and the NIST 800-53 RMF Security Control Catalog• Strong analytical, task management, time management, and communication skills necessary for handling Vulnerability Management initiatives, tasks and deadlines impacting the agency’s environment. Ability to research, analyze, correlate and present agency vulnerability data from a variety of agency-hosted tools including the analysis of multilevel security risks and problems and compensating controls to the agency’s IT management and staff.• Ability to collaborate proactively with developers, system owners, system administrators and IT management (both internal and external) in researching vulnerabilities, communicating the details to these partners and IT management, developing action plans, following up and closing out all vulnerabilities by the required agency target or mandated deadlines.
• Demonstrate the ability to design, configure, engineer, integrate, and implement system security solutions that will provide configuration management for multiple operating systems and applications. Work with IT staff to be creative when it becomes necessary to tailor configurations and create/document baseline or custom configurations.• Working knowledge of NIDS & HIDS solutions in AWS• Experience with AWS security services to include AWS Security Center, AWS GuardDuty, AWS Config, CloudTrail, CloudWatch, CloudWatch Events, AWS Inspector, Lambda, and AWS Systems Manager• Mentor team members, junior and senior, in state-of-the-art incident response practices• Develop solutions to hunt, detect and respond to security threats in a legacy-free corporate environment• Build log ingestion pipelines, rules and responses in a mix of SIEM-specific language, scripts and code• Help the business understand security issues by creating clear dashboards, prioritized rules and response runbooks based on knowledge of threat, risk and business value• Work cross-functionally to support security-related business needs such as providing expertise to client account managers, coordinating operational incident response, and assuring our security and compliance commitments