Senior Information Security Engineer

About The Position

Requirements

• Knowledge of cybersecurity principles.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Secure Hash Algorithm [SHA]).
• Key Management implementation and maintenance experience.
• Detailed understanding of virtualized platforms, Linux, and Windows use and administration, and applicable security vulnerabilities and controls.
• Detailed understanding of the web, application, and database architectures and applicable security vulnerabilities and controls.
• DoD Risk Management Framework (RMF) knowledge, NIST SP 800-53, and NIST SP 800-171 experience.
• Experience with FedRAMP/DISA reporting and compliance.
• Demonstrated experience building and managing vulnerability management programs from vulnerability discovery processes to remediation and validation.

Nice To Haves

• Currently hold and be able to maintain a US security clearance at the Secret level.
• Ability to work on-site in the Atlanta Office for the majority of working hours and on-call support as needed.
• 5+ years proven experience and demonstrated success in technology roles with emphasis on vulnerability management, information security and a strong technical background.
• Strong oral and written communication capability. Clearly communicate complex ideas into simple terms for key stakeholders.
• Currently possess or ability to obtain DoD 8570.01 Base Line certification (e.g. CAP CCNA Security - CISCO, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP) IAM Level II & IAT Level II.

Responsibilities

• Lead the delivery of the cybersecurity framework for a large-scale secure implementation supporting a growing and expanding business.
• Install, configure, and maintain Security Event Information Management (SEIM) across Linux and Windows environments.
• Implement security tools and perform continuous monitoring using tools like Tenable or other Vulnerability Scanning and Management tools.
• Evaluate security infrastructure tools/architecture for improvements and adaptation to changing government standards.
• Assist with configuration and validation of DISA Security Technical Implementation Guidelines (DISA) and identify exceptions with mitigations.
• Establish, maintain, and monitor all security policies and access rules defining specific access to network, files, and database management systems according to the System Security Plan.
• Identify potential Security Incidents and participate in Security Incident Response planning and execution.
• Stay current on emerging technologies and threats and proactively assess and evaluate their adoption into the organization.
• Perform COMSEC Manager role and work with FSO and infrastructure team on implementing key security practices required to maintain the secure facility.
• Advise management (e.g., CIO) on risk levels and security posture.