Senior Cybersecurity Operations Engineer (15.40)

About The Position

Requirements

• Must be a U.S. Citizen.
• Minimum six (6) continuous years of experience in cybersecurity operations engineering in a federal government environment.
• Demonstrated hands-on experience with SIEM platforms, SOAR tools, NDR, EDR, and firewall management.
• Strong knowledge of NIST Risk Management Framework (RMF), FISMA, CISA Binding Operational Directives, and federal cybersecurity best practices.
• Experience with Microsoft Azure cloud security, M365 Defender for Cloud, and hybrid on premises/cloud environments.
• Proficiency with Cisco networking and firewall technologies.
• Experience with continuous monitoring, CDM program tools, and log management (Syslog).
• Strong knowledge of incident response procedures and threat hunting methodologies.
• Experience with PowerShell scripting for security automation.
• CISSP, CISM, CEH, or equivalent cybersecurity certification required.
• Ability to obtain and maintain a Public Trust clearance; background investigation will involve credit, fingerprint, and law enforcement agency checks.
• Must work primarily onsite in SW, Washington, DC 20024; limited remote work may be authorized.

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field preferred; relevant IT certifications may be substituted for a formal degree.

Responsibilities

• Apply knowledge of information systems security principles, NIST guidelines, FISMA, CISA directives, and federal security requirements to conduct ongoing security assessments of installed systems and networks and recommend corrective actions.
• Ensure effective configuration and daily operations of cybersecurity tools including SIEM integration, Syslog, Network Detection and Response (NDR), Endpoint Detection and Response (EDR), firewalls, M365 cloud security, Defender for Cloud, and Continuous Diagnostics and Mitigation (CDM) capabilities.
• Maintain threat awareness and monitor client information systems for exploits and suspicious activities; analyze aggregated logs from security tools and perform regular threat hunting activities.
• Execute incident response activities including all associated actions according to the client's incident response plan; develop incident handling procedures.
• Develop Security Orchestration, Automation, and Response (SOAR) capabilities and detection/response configuration policies to increase automation.
• Adhere to continuous monitoring practices to evaluate effectiveness of implemented security controls and execute proactive threat hunting activities.
• Apply knowledge of networking technologies including LAN, Microsoft Azure, and wireless management in security solutions implementation and troubleshooting.
• Collaborate with the CISO and Privacy Officer to develop plans, techniques, and measurable objectives for improving cybersecurity and privacy measures that protect sensitive information.
• Collect security operations performance metrics and prepare threat reports to inform risk management decisions.
• Develop and maintain accurate security operations documentation including standard operating procedures for recurring tasks.
• Validate that sufficient and relevant information is captured and retained from security tools to support actionable security awareness and incident investigations.
• Collaborate with other teams on the integration of applications and IT services to ensure security requirements are met.

Benefits

• Medical, Dental, and Vision insurance
• Retirement savings 401K plan provided by an industry leading provider with 3% employer contributions of the employee’s gross salary
• Paid Time Off and Standard Government Holidays
• Life Insurance, Short- and Long-Term disability benefits
• Training Benefits