Security Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field with a minimum of 7 years of experience.
• Proven experience in identifying and remediating OS-level vulnerabilities in both Linux and Windows environments with a strong understanding of STIG and CIS compliance requirements.
• Strong understanding of cloud security frameworks and best practices, including NIST, CIS, and ISO 27001.
• Proficiency in using security tools such as Nessus Tenable, ORCA Security, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and other vulnerability scanning tools.
• Familiarity with Red Hat Satellite server, WSUS, IBM BigFix or other similar toolsets.
• Knowledge of scripting languages such as Python, Bash, PowerShell, Ansible for automation of security remediation tasks.
• Excellent problem-solving skills and the ability to work under pressure in a fast-paced environment.
• Strong communication and interpersonal skills, with the ability to explain complex security issues to technical and non-technical stakeholders.
• Must be a US citizen, willing and able to work on-site in Washington, D.C.
• Must obtain public trust prior to starting work.
• Excellent interpersonal and communication skills, both written and verbal.
• Commitment to following stringent security protocols.
• Well-organized, with a high level of attention to detail and the ability to prioritize tasks.

Responsibilities

• Identify and remediate vulnerabilities in cloud infrastructure, with a specific focus on OS-level threats across multiple cloud platforms, including compliance with STIG and CIS benchmarks.
• Collaborate with the cybersecurity team to conduct regular security assessments, vulnerability scans, and penetration tests to identify potential weaknesses.
• Contribute to the development and maintenance of security policies, standards, and procedures for cloud infrastructure, working closely with the cybersecurity team.
• Work with development and operations teams to ensure secure deployment of applications, emphasizing secure configurations and OS-level hardening.
• Monitor security alerts and logs to detect and respond to potential security incidents across cloud environments.
• Stay up-to-date with the latest security threats, vulnerabilities, and technology trends relevant to cloud infrastructure and operating systems.
• Provide guidance and mentorship to junior engineers and team members on best practices for security and vulnerability management in cloud environments.
• Document security controls, configurations, and processes for audit and compliance purposes, ensuring alignment with organizational standards.
• Collaborate in maintaining the continuous monitoring strategy; assist in the observation and analysis of detected threats and/or compliance violations.