Lead Cybersecurity Engineer
Washington, DC
Applications have closed
The role is a 75/25 split between Lead Cybersecurity Engineer and Project Manager:
- As a Lead Cybersecurity Engineer, you will safeguard networks against unauthorized modification, destruction, or disclosure.
- As Project Manager, after overlapping with the current PM during a training period, you will take over leadership of a 3-person cybersecurity team and manage normal day-to-day cybersecurity tasks and reporting.
- You will lead a team that is responsible for conducting risk analysis on customer products. You will review CVEs, plugins, CWEs, etc.; facilitate Technical Insertion for new products; participate in Agile Planning Events to provide technical input in addition to trade studies for tools, etc.; interface with senior customers; manage task order delivery; and provide guidance, technical support, mentoring, and day-to-day management for team members.
Responsibilities:
- Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).
- Demonstrated hands-on experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus, Retina), configuration management (e.g., Tenable Security Center, IBM BigFix, SCCM, McAfee ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware.
- Hands-on experience conducting system administration of Windows servers and clients, Linux, and network devices, such as Windows 2019 servers, Windows 10 Enterprise clients, and Linux 7.x servers.
- Extensive working knowledge of various network ports, protocols, and services, and the ability to provide guidance on establishing secure communication paths between the application and the agency's nodes.
- Hands-on experience conducting and/or assisting with a cybersecurity root cause analysis and developing a strategy for mitigation of the potential vulnerability.
- Researches, evaluates, designs, tests, recommends, communicates, and implements new security software or devices.
- Implements, enforces, communicates, and may develop internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations.
- Manage all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.
- Conducts risk analyses from vulnerability and compliance scans, pen testing results, or other audit activity; writes relevant documents including but not limited to Plans of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.
- Obtain authorizations to operate (ATOs) for information systems based on NIST SP 800 series guidance.
- Conduct gap analysis of commercial vendor service/application security audits, such as SOC Type 2 or HIPAA, against NIST SP 800-53 Revision 5 security controls.
- Hands-on experience working with Governance, Risk, and Compliance tools, such as CSAM.
- Assist other agency assessors with security control evaluations.
- Generates Plans of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues with the agency Governance, Risk, and Compliance tool (CSAM).
- Generates security artifacts such as System Security Plans, Security Control Traceability Matrices, Configuration Plans, Contingency Plans and Testing, and Self-Assessment Test Plans.
- Performs continuous monitoring (ConMon) of systems, including monitoring and tracking system vulnerabilities and compliance issues.
- Responds to data calls, scan requests, and weekly and monthly reporting.
- Interact with agency departments/divisions.
- Provide or oversee contract deliverables.
- Participate in the daily Scrum meeting and ensure timely response to and reporting of the team's action items.
- Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.
- Excellent oral and written communication skills, the ability to deliver in-person or virtual training that results in excellent assessment via trainee feedback, and the ability to review and comment on design documents while providing subject matter expert review.

Customer location is Washington D.C.
This is currently a hybrid on site/remote role, subject to change according to customer Return to Office policies.
Required Qualifications
- Bachelor’s Degree with 10 years related experience OR 10 total years of experience in Cybersecurity and IT Security
- Active Secret Clearance required; ability to obtain customer accesses
- At least one relevant certification, such as CISSP-ISSMP, CISM, PMP
- 5-7 years’ experience working in Federal space
Desired Qualifications
- Master’s degree in Cybersecurity or related field
- Active Top-Secret Clearance
- Cloud security experience highly desired
- Cyber program experience within federal customer space a strong plus!
- Additional certifications such as CISSP-ISSMP, CISM, PMP
Tags: Agile Application security Audits C CISM CISSP Clearance Clearance Required Cloud Compliance Governance HIPAA Intrusion detection Linux Monitoring Nessus NIST Pentesting Risk analysis Scrum Security Impact Analysis Strategy System Security Plan Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Team events