Cybersecurity Engineer

About The Position

Requirements

• At least 2 years of professional work experience in a cybersecurity role.
• Demonstrated experience and understanding of Information Assurance in the following specialties: Internet and Intranet Applications and Authentication; and Physical, Personnel, Network, Computer, Information, Operational, Administrative, and Communications Security.
• Experience handling multiple tasks simultaneously, and the ability to work independently in a high stress environment with an orientation towards customer service.
• Strong background in governance, risk, and compliance (GRC), including oversight of security agreements and regulatory recertifications.
• Expertise in multi-stakeholder collaboration, partnering with federal, state, and industry entities on providing advisory assistance for data protection and cloud modernization initiatives.
• Experience developing and standardizing security assessment frameworks and documentation.
• Strategic capability in sustaining enterprise-wide security posture through proactive planning and continuous improvement.
• Demonstrated expertise in conducting risk and vulnerability assessments, supporting security audits and compliance reviews, and performing partner/contractor site security assessments
• Exceptional written and verbal communication skills; a writing sample will be requested.

Nice To Haves

• Security or IT certifications (e.g. CISSP, CISA, etc.)
• Knowledge of cloud computing, web application vulnerability scanning tools such as IBM AppScan
• Knowledge of the Child Support Enforcement program and system operations.
• Experience handling sensitive data sources and distribution of data containing personally identifiable information.

Responsibilities

• Conducting and coordinating security reviews and audits of federal and non-federal data exchange partners that access or host OCSE data.
• Providing security engineering support to the Security Team in responding to external audits.
• Providing security engineering expertise and guidance to design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, and HHS/ACF/FPLS security requirements.
• Participating in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders.
• Participating in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation.
• Documenting and track internal POAMs for DFS systems and applications
• Assisting in the development and delivery of Security Awareness Training as required.
• Providing security engineering support to incident response activities by analyzing and correlating security events, assessing technical impact, implementing corrective and preventive measures, coordinating with site personnel, and ensuring proper collection and preservation of digital evidence for investigations.
• Supporting security engineering efforts by integrating information security policies and controls into network and system design, collaborating with the security team to ensure consistent application of information assurance principles, and promoting user awareness and adherence to established security policies and procedures.
• Promoting organizational security awareness by integrating sound security principles into strategic goals, researching emerging threats and vulnerabilities, and supporting the publication of security alerts, advisories, and bulletins to keep stakeholders informed and proactive.
• Developing policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.

Benefits

• Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match.
• To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave.
• GDIT typically provides new employees with 15 days of paid leave per calendar year to be used for vacations, personal business, and illness and an additional 10 paid holidays per year.
• Paid leave and paid holidays are prorated based on the employee’s date of hire.
• The GDIT Paid Family Leave program provides a total of up to 160 hours of paid leave in a rolling 12 month period for eligible employees.
• To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.