Cyber Security Engineer

GovCIO is currently hiring for a Cyber Security Engineer. This position will be located in Washington, D.C and is a hybrid role.

Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management). Assesses and mitigates system security threats and risks throughout the program life cycle. Validates system security requirements definition and analysis. Establishes system security designs. Implements security designs in hardware, software, data, and procedures. Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Supports secure systems operations and maintenance.

• Craft, contribute to, assess, and recommend scalable, flexible, and resilient cloud architectures incorporating IT security and safeguarding requirements.
• Identify, evaluate, and recommend opportunities to apply innovative and emerging technologies, automate processes, continually improve quality and efficiency in engineering and enterprise audits, and implementing information assurance and cybersecurity in cloud solutions, and identify metrics for monitoring improvements.
• Responsible for software assurance, penetration testing with a range of automated tools, security patch management, secure cloud and hybrid engineering, and CDS
• Recommend, install, configure, operate, and maintain Government-approved IT security tools, RSA Archer and applications to support overall information assurance activities necessary to protect systems in client security environments.
• Develop, maintain and troubleshoot scripts to facilitate the integration and automation of security requirements throughout DevSecOps activities.
• Review and recommend improvements in audit sharing agreements, processes, and technologies between client and other federal agency systems.
• Collaborate with the client in developing repeatable information assurance and cybersecurity processes and provide engineering assistance to Security Control Assessors in support of Assessment and Authorization efforts.
• Recommend, install, configure, operate, and maintain client-approved IT security tools and applications to support overall information assurance activities necessary to protect systems in the customer environments.
• Coordinate with teams across the enterprise on the migration of existing IT services to the cloud, including identifying security technical requirements and potential problems and issues, and participating in Agile software development teams.
  Participate in network and system design to facilitate implementation of appropriate systems security policies.
• Apply coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), and threat modeling.
  Assist with leading technical discussions with stakeholders, help manage client expectations, and develop advanced Splunk reporting.
• Ability to review cloud environments and submit a gap analysis report regarding risks, security vulnerabilities and Continuous Monitoring.
• Collaborate with system developers to discuss and review the Enterprise Audit (EA) strategy, requirements, and audit handling requirements.
• Develop/update and maintain system-specific audit review dashboards and reporting mechanisms.
• Identify and evaluate opportunities to apply innovative and emerging technologies, automate processes, continually improve the conduct and efficiency of client audit activities and Enterprise Audit compliance of systems and infrastructure, and identify metrics for monitoring improvements.
• Strong planning and organizational skills. Detail-oriented, decisive, and goal-oriented to consistently exceed objectives.

Required Skills

• Bachelor's with 8+ years (or commensurate experience)
• Minimum of 5-8 years of security engineer experience.
• Previous experience (at least 4 years) with performing security engineering in a cloud environment, specifically supporting AWS.
• Experience with penetration testing using various automation tools, security patch management, secure cloud and hybrid engineering, and CDS
• Knowledge of IaaS, PaaS and SaaS architectures.
• Experience with Nessus, Tenable Security Center, Linux based systems, Splunk and Amazon Cloud.
• Strong familiarity with NIST 800-53 and FedRAMP requirements.
• Knowledge in the availability, scalability and efficiency of AWS Cloud Platform in order to engineer reliability into all cloud network and virtualization technologies.
• Ability to review and influence new and evolving design, architecture, standards, and methods for security infrastructures, vulnerabilities and networking at scale
• Clearance Required: Active Top Secret clearance required and able to acquire DHS suitability

GovCIO is a team of transformers--people who are passionate about transforming government IT. Every day, we make a positive impact by delivering innovative IT services and solutions that improve how government agencies operate and serve our citizens.

But we can't do it alone. We need great people to help us do great things - for our customers, our culture, and our ability to attract other great people. We are changing the face of government IT and building a workforce that fuels this mission. Are you ready to be a transformer?

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, disability, or status as a protected veteran. EOE, including disability/vets.

Posted Pay Range

The posted pay range, if referenced, reflects the range expected for this position at the commencement of employment, however, base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, education, experience, and internal equity. The total compensation package for this position may also include other compensation elements, to be discussed during the hiring process. If hired, employee will be in an “at-will position” and the GovCIO reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, GovCIO or individual department/team performance, and market factors.