Senior Network Security Engineer

Requisition #: 588

Job Title: Security Engineer III

Location: 1155 21st St NW Washington, District of Columbia 20581

Clearance Level: Active DoD - Public Trust

Agile Defense is currently seeking a talented Senior Network Security Engineer to support Agency-level Cybersecurity Program to streamline the current Architecture and Engineering approach with a focus on roadmap planning. The ideal candidate enjoys activities defined to be “as is” and “to be” architectures including the business, data, application, and technology layers along with a high-level implementation plan.

The ideal candidate will play a pivotal role in shaping the client's cybersecurity strategy, providing support to understand and develop system requirements and technical solutions based on the client system architectures as follows: 

·       Support the maturation of the client's enterprise architecture to align with the client's information security and risks to the organizational operations, organizational assets, and individuals. 

·       You will support the government in all aspects of planning, designing, implementing, optimizing, and troubleshooting the network security system to improve the organization's efficiency and resiliency.

·       You will further support the government in protecting the network from threats that could attack it, including existing dangers, mishaps, and malicious attacks. 

·       You will develop alternative system designs and architectures and consider trade-offs between security requirements, functional/operational requirements, and cost. 

·       You will review and describe the impact of new or changing federal policies. You will review and describe the impact of new or revised legislation and regulations (OMB, DHS, FISMA, and more). 

·       In coordination with Enterprise Architecture and the Architecture Review Board, you will provide cybersecurity engineering expertise to conduct technical analysis of board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms. 

As a cybersecurity engineer, you will be at the forefront of technology, conducting research and presenting analyses to evaluate and/or identify and describe emerging industry technology trends, government agency best practices, and security issues.

·       Serves as subject matter expert, possessing in-depth knowledge of a particular area, such as information security, cloud security, systems engineering, big data, or the various sciences related to enterprise technology.

·       Provides technical knowledge and analysis of highly specialized applications and operational environments, high-level functional systems analysis, design, integration, security, implementation advice on exceptionally complex problems that need extensive knowledge of the subject matter for effective implementation.

·       Participates as needed in all phases of system and software development with emphasis on the planning, analysis, security, testing, integration, documentation, and presentation phases.

·       Applies principles, methods, and knowledge of the functional area of capability to specific task order requirements, advanced software, systems and security principles and methods to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications to arrive at automated solutions.

·       Participate as a member of the organizations Configuration Control Board and present recommendations for mitigating or remediating identified security concerns with requested changes.

·       Use security tools to identify weak ciphers and coordinate with project teams to divest weaker ciphers and replace them with current ciphers in support of Post Quantum Cryptography efforts.

·       Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, or others.)

·       Bachelor’s Degree required (preferred Computer Science, Data Analytics, Business Information Systems, Mathematics, Statistics, or equivalent).

·       Seven (7) years or more direct, hands-on, experience and expertise in a specific domain area.

·       Ability to facilitate meetings and discussions for an audience with a wide range of technical skills (from very technical-to-no technical background).

·       Strong research and presentation skills

·       Understands various identity services, networks, processing platforms, operating systems, middleware, web services and applications, data technologies, and security technologies.

·       Work cross-functionally to understand client's use of IoT, ICS, VOIP, VTC technologies, AWS, Azure, and ServiceNow cloud environments.

·       Must remain knowledgeable on existing FedRAMP IaaS, PaaS, and SaaS and converging FedRAMP Ready service offerings.

·       Must maintain an ability to perform security assessments of a wide array of environments, technologies, and products.

·       Identify the assets within system boundaries, verify ports protocols and services, verify security controls, and posture, and implement security mechanisms.

·       Direct experience using MS Visio (or other network diagraming tools) to update architecture diagrams, data flows, and other views used as part of the Authorization and Accreditation process.

·       Advanced ability to work with APIs, Excel, Power Query, PowerBI, and other tools to render data into visualizations that are comprehensive and easy to understand.

·       Understanding of firewall rule sets and various firewall GUI’s, with an ability to make recommendations to reduce rules for zero count rules and other recommendations based on sound security practices.

·       Scripting (Bash, Batch, WMI, PowerShell, KQL)

·       Ability to quickly learn new tools and to solve complex problems in an ad-hoc nature.

·       Familiar with Network Protocols (SSH, Secure FTP, TLS/SSL) and network encryption algorithms.

·       Provide technical representation in cross-organizational meetings, including external vendor meetings, architecture review boards, change control boards, and project team meetings.

·       Knowledgeable of Cloud Service Providers (Azure, AWS, ServiceNow, M365, other SaaS environments), their service offering, and security best practices for each service offering.

·       Ability to assess planned technology changes and determine interdependencies and impact on interconnected components.

·       Ability to identify relevant security controls impacted by each change and prescribe security methods and mechanisms.

·       Validate architectural changes, identify external communications paths and internal communications dependencies, validate system compliance and vulnerability findings, and validate credentialed access to information systems and components.