Security Engineer

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field and 8+ years experience; or additional equivalent experience may be considered in lieu of a degree.
• 5–8+ years of hands-on experience administering and securing Linux systems in an enterprise environment.
• Active TS/CI government security clearance
• Direct experience with Tenable.sc and/or Nessus for vulnerability management (configuration, policy creation, agent management, reporting).
• Solid understanding of vulnerability management lifecycle: discovery, assessment, prioritization, remediation, and verification.
• Experience implementing or supporting security/compliance frameworks such as NIST 800-53, DISA STIGs, CIS benchmarks, or similar.
• Strong skills in Linux CLI, shell scripting, and basic automation (e.g., Bash, Python, Ansible) to support configuration and remediation.
• Familiarity with log management and SIEM solutions and how they integrate with Linux hosts.
• Ability to interpret technical vulnerabilities (CVEs, CVSS) and clearly communicate risk and remediation options to technical and non-technical stakeholders.
• Excellent documentation skills, including the ability to produce clear procedures, diagrams, and reports.

Nice To Haves

• Experience with configuration management tools (e.g., Ansible, Puppet, Chef, Salt) to enforce secure baselines at scale.
• Experience working in regulated or audit-heavy environments (e.g., FISMA, FedRAMP, PCI-DSS, HIPAA, SOX).
• Familiarity with Windows server hardening and cross-platform vulnerability management.
• Experience integrating Tenable with ticketing/ITSM tools for automated ticket creation and tracking.
• Certifications such as Linux+, RHCSA/RHCE, Security+, CySA+, Tenable-certified, CISSP, or similar.
• Experience in federal / DoD / IC / state & local government, or other large enterprise environments.

Responsibilities

• Implement and maintain secure network architectures (e.g., segmentation, zoning, DMZs, zero-trust-aligned designs) in accordance with organizational policies and industry best practices.
• Administer and harden Linux servers (e.g., RHEL, Rocky, Ubuntu) including OS configuration, patching, and security baseline enforcement.
• Install, configure, and maintain Tenable platforms (Tenable.sc, Nessus, Nessus Agents, connectors) to support continuous vulnerability scanning.
• Develop and maintain scanning policies, schedules, and dashboards to provide accurate visibility into security posture.
• Analyze Tenable scan results; validate true positives vs false positives and work with system and application owners to drive timely remediation.
• Map vulnerabilities and configuration findings to relevant compliance requirements (e.g., NIST 800-53, DISA STIGs, CIS benchmarks, organizational policies).
• Support the creation and maintenance of secure configuration baselines and hardening guides for Linux servers and related middleware.
• Generate compliance and vulnerability reports for leadership, auditors, and governance teams; track remediation progress and aging.
• Collaborate with infrastructure, DevOps, and application teams to integrate security and compliance into change management, patch cycles, and deployment pipelines.
• Participate in security incident response activities related to Linux hosts, including log review, containment, and forensic support.
• Contribute to SOPs, playbooks, and runbooks for vulnerability management, patching, and compliance monitoring.
• Maintain all Body of Evidence (BOE) documentation for which they are the prime author for the duration of the contract.
• The Contractor shall update the documentation to correspond with product updates released in response to software updates and patches.
• The Contractor shall document all changes to the security posture of the system and provide those documents to the government for review and approval.