Principal Cybersecurity Engineer

General Dynamics Information Technology•McLean, VA

13h•$164,382 - $201,250•Onsite

About The Position

GDIT is seeking a Cybersecurity Engineer to support a large Cloud Services government contract to run and maintain our customer cyber tool stack in McLean, VA. HOW A CYBERSECURITY ENGINEER WILL MAKE AN IMPACT: Maintains, configures, and monitors the following security applications: Endpoint security implementation Scanning implementation SIEM implementation Insider Threat Monitoring Works with the vendors of the security applications as applicable to maintain security updates, licenses, resolve support issues (e.g. for Tenable plugins), etc. Supports the Cybersecurity lead with maintaining the Continuous Monitoring program, specifically around vulnerability management, endpoint security, auditing, and security alert triage/monitoring. For the SIEM/SecOps, works with the team to perform the following duties: Ensures the telemetry from the hosts and security applications are forwarded to the SIEM. Configures alerts for privileged activity that would be conducted in the enclave as well as alerts from security advisories. Triages all alerts from the SIEM to ensure activity in the environment is authorized. Investigates, resolves, and reports security incidents in alignment with the Incident Response Plan. For scanning, works with the team to perform the following duties: Ensures the inventory of hosts and recurring/ad-hoc scan policies are accurate. Reviews the scans to confirm correct, actionable data is generated to support the patching activities. For endpoint security, works with the team to perform the following duties: Ensures new hosts go through the applicable learning phase before going live. Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied. For insider threat monitoring, works with the team to administer the security application and monitor aggregated data. Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.

Requirements

Clearance: Active Top Secret security clearance with SCI eligibility
Education: BA/BS or similar Degree, OR equivalent experience in lieu of degree
Experience: Minimum of 10 years of experience in supporting US government systems, emphasis on DO
Technical Skills: Experience with using or maintaining 2 or more of the cyber tools listed below, AND the ability to quickly learn those that are unfamiliar: Splunk, Tenable.sc, Trellix, Teramind
Skills & Abilities: Excellent communication and interpersonal skills, with the ability to work effectively in a fast-paced, collaborative environment.

Nice To Haves

Certifications that meet applicable 8140 compliance, including but not limited to Security+ CE
Proficiency in Google Workspace and related tools

Responsibilities

Maintains, configures, and monitors security applications: Endpoint security implementation, Scanning implementation, SIEM implementation, Insider Threat Monitoring
Works with vendors to maintain security updates, licenses, and resolve support issues
Supports the Cybersecurity lead with maintaining the Continuous Monitoring program
Ensures telemetry from hosts and security applications are forwarded to the SIEM
Configures alerts for privileged activity and security advisories
Triages alerts from the SIEM to ensure authorized activity
Investigates, resolves, and reports security incidents
Ensures the inventory of hosts and scan policies are accurate
Reviews scans to confirm correct, actionable data is generated
Ensures new hosts go through the applicable learning phase
Ensures all hosts can be seen in the endpoint security application with ongoing monitoring and applicable policies applied
Administers the security application and monitor aggregated data for insider threat monitoring
Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.