Lead Cybersecurity Engineer/Task Order Manager
Washington, DC
Applications have closed
Responsibilities:· Manage all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.· Conduct risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes relevant documents including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.· Research, evaluate, design, test, recommend, communicate, and implement new security software or devices; facilitate technical insertion for new products.· Implement, enforce, communicate, and develop internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations.· Review CVEs, plug-ins, CWEs etc.· Participate in Agile Planning Events to provide technical input; participate in daily Scrum meeting and ensure timely response and reporting of team’s action items.· Responds to data calls, scan requests and weekly and monthly reporting.· Interact with agency departments/division.· Provide or oversee contract deliverables.· Obtain information systems authorized for operations (ATOs) based on NIST SP 800 series guidance.· Conduct gap analysis of commercial vendor service/application security audits, such SOC Type 2 or HIPAA to NIST SP 800-53 Revision 5 security controls.· Assist other agency’s assessor with security control evaluations.· Generate Plans of Action & Milestones (POA&M) to track the mitigation of vulnerabilities and compliance issues with agency Governance, Risk and Compliance tool (CSAM).· Generate security artifacts such as System Security Plans, Security Control Traceability Matrices, Configuration Plans and Contingency Plans and Testing, and Self-Assessment Test Plans.· Continuous monitoring of system; responsible for monitoring and tracking system vulnerabilities and compliance issues.· Demonstrated knowledge of IT Security policy implementation statements, the regulatory structure of policy, the role of the Department of Homeland Security (DHS), the Office of Management and Budget (OMB), and the National Institute of Standards and Technology (NIST).· Demonstrated hands-on experience with multiple tools providing security functions such as vulnerability management (e.g., Nessus, Retina), configuration management (e.g., Tenable Security Center, IBM BigFix, SCCM, McAfee ePO), endpoint protection (e.g., antivirus, ATP), data loss prevention, and intrusion detection software and hardware.· Hands-on experience conducting system administration of Windows servers and client, Linux, and network devices, such as Windows 2019 servers, Windows 10 Enterprise client, and Linux 7.x servers.· Extensive working knowledge of various network ports, protocols, and service and provide guidance on the establishment of secure paths of communicates between application and agency’s nodes.· Hands-on experience conducting and/or assisting with a cybersecurity root cause analysis and developing a strategy for mitigation of the potential vulnerability.· Hands-on experience working with Governate, Risk, and Compliance tools, such as CSAM.· Familiarity with the use of data analysis tools, including the use of Microsoft Excel or PowerBI to combine data from multiple sources.· Excellent oral and written communication skills and the ability to deliver in-person or virtual training that results in excellent assessment via trainee feedback, and ability to review and comment on design documents while providing subject matter expert review.· Customer location is Washington D.C. This is currently a hybrid on site/remote role, subject to change according to customer Return to Office policies.
Required Qualifications
- Bachelor’s Degree with 10 years related experience OR 10 total years of experience in Cybersecurity and IT Security
- Active Secret Clearance required; ability to obtain customer accesses
- At least one relevant certification, such as CISSP-ISSMP, CISM, PMP
- 5-7 years’ experience working in Federal space
Desired Qualifications
- Active Top-Secret Clearance
- Cloud security experience highly desired
- Cyber program experience within federal customer space a strong plus!
- Additional relevant certifications
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Audits C CISM CISSP Clearance Clearance Required Cloud Compliance Governance HIPAA Intrusion detection Linux Monitoring Nessus NIST Pentesting Risk analysis Scrum Security Impact Analysis SOC Strategy System Security Plan Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs