Associate Security Engineer

The job overview for this position is to design and implement systems and procedures to ensure the security, integrity, and availability of the organization's data. The role involves assessing the risk of data exposure, tracking security violations, and identifying trends or weaknesses that can be addressed through training or technical measures. The job also includes conducting vulnerability scans, monitoring security operations, investigating security breaches, collaborating with auditors, and preparing security reports. Additionally, the role may involve testing defenses against various attacks and exploring new methodologies or tools to enhance security.

Design and implement systems and procedures to sustain the security, integrity, and availability of the organization's data.

Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them.

Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security.

Conduct platform or operating system vulnerability scans that assess exposure of system to attacks or hacking.

Monitor Security Operations pager and respond to issues of potential viral activity, spam, phishing.

Administer controls and review their application to ensure that system's controls, policies, and procedures are operating effectively relative to the predicted effectiveness of the controls.

Investigate events or incidents of apparent security breaches and report to appropriate authorities using corporate procedures.

Confer and collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported.

May plan and/or conduct tests of the core infrastructure and the contingency environment for critical business applications to ensure business continuity in the event of a computer security incident.

Aggregate metrics of operation of security controls, as well as apparent attacks, breaches, and other pertinent data; track trends and prepare for periodic security reports.

Measure and improve patch management procedures with appropriate teams.

Participate in projects designed to test defenses against hacking, denial of service, spam, break-ins, or similar attacks. May provide guidance to infrastructure or application staff participating in exercise.

Examine and/or test new methodologies or tools that could be adopted to enhance security of platforms, infrastructure, or access to data.

Other duties as required.

• Design and implement systems and procedures to sustain the security, integrity, and availability of the organization's data
• Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them
• Track security violations and identify trends or exposures that could be addressed by additional training, technical measures, or use of application tools to enhance security
• Conduct platform or operating system vulnerability scans that assess exposure of system to attacks or hacking
• Monitor Security Operations pager and respond to issues of potential viral activity, spam, phishing
• Administer controls and review their application to ensure that system's controls, policies, and procedures are operating effectively relative to the predicted effectiveness of the controls
• Investigate events or incidents of apparent security breaches and report to appropriate authorities using corporate procedures
• Confer and collaborate with internal and external auditors to ensure that appropriate controls are installed, operating properly, and being monitored and reported
• Plan and/or conduct tests of the core infrastructure and the contingency environment for critical business applications to ensure business continuity in the event of a computer security incident
• Aggregate metrics of operation of security controls, as well as apparent attacks, breaches, and other pertinent data; track trends and prepare for periodic security reports
• Measure and improve patch management procedures with appropriate teams
• Participate in projects designed to test defenses against hacking, denial of service, spam, break-ins, or similar attacks
• Examine and/or test new methodologies or tools that could be adopted to enhance security of platforms, infrastructure, or access to data
• Must reside in the Fairfax County area, visits to the office will be required for this position
• Bachelor's Degree or equivalent required
• Applicable certifications are desired
• 1+ years of related experience in IT related field desired
• Problem solving skills complemented with experience in solving information security device and application issues with customers is a must
• Good verbal and written communication skills as well as attention to detail
• Exceptional customer service skills and interpersonal skills
• Ability to work in small teams
• Must be able to resolve highly complex and technical business problems
• Understanding of threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk
• Create technical documentation and diagrams using Microsoft Visio, Excel, Word and PowerPoint
• Knowledge of single sign-on integration with on premise and cloud toolset
• Recommended Certifications or Skills: Security+, AssociateCISSP, AssociateSSCP, Associate CCSP, OS/Linux/WINDOWS/MAC, Directory Services, Microsoft Office, Network Protocols, Scripting Languages (Python/Bash/PowerShell)

• Comprehensive medical, dental and vision plans
• 401(k) plan with employer match
• Flexible Paid Time Off (FTO)
• Volunteer Time Off (VTO) - two days off per calendar year for volunteering
• 5-year Service Milestone Sabbatical
• Paid parental leave
• Generous employee referral bonus program
• Pet insurance
• HQ Office centrally located in Reston Town Center with well-stocked kitchen and catered lunch on Thursdays
• Regular virtual company-wide events, including cooking classes, yoga, meditation, and more
• Opportunity to learn and develop from industry experts