Lead Information Security Engineer
Washington, D.C.
Applications have closed
Job Description:
Lead staff in the design, engineering, integration, implementation, testing, deployment, maintenance, review, and administration of the infrastructure, hardware, and software that are required to effectively manage the security and risk posture of the network and resources. Analyze the development of system concepts and apply an advanced understanding of the systems engineering life cycle to translate Cyber strategic objectives, technology, and environmental conditions into engineering outcomes and solutions. Lead the analysis of trends and emerging technology for potential program modernization. Provide leadership and mentoring for junior employees. Contribute to the development of innovative principles and ideas. Work on unusually complex problems and provide highly creative solutions. Act as the leader on large programs and projects that affect the organization's long-term goals and objectives.
Location: Washington D.C., USA
Skills and Qualifications:
Basic Qualifications:
- 8+ years of “hands-on” technical experience in the area of information or cyber security solution engineering, with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools.
- 4+ years of experience in supervising programs or projects by developing engineering, technical and management procedures and controls, monitoring, and reporting progress
- 4+ years of management and supervisory experience in leading technical teams
- 4+ years of experience in building and administering Windows Server and Active Directory, Network devices (e.g., Cisco, Juniper), and managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
- Demonstrated understanding of TCP/IP networking concepts and DNS.
- Experience with public cloud services providers such as Amazon AWS or Microsoft Azure.
- Knowledge of Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.
- Ability to obtain a public trust clearance. Cannot be a dual citizen per new SEC requirements.
- Bachelor’s degree or equivalent professional experience in the field of information security, computer engineering, information systems, telecommunications, or related technical or functional discipline.
- Any one of the SANS GIAC Security certifications (Administration, Software, Forensics, or GSE Expert), ISC2 CISSP, or any security systems vendor administration-level certifications
Specialization in at least one of the following fields with four (4) or more years of experience:
- Building and administering security devices such as network firewall, web proxy, data loss prevention systems, and intrusion prevention systems.
- Building and administering Windows Server and Active Directory.
- Building and administering Linux/UNIX based systems.
- Building and administering Network devices (e.g., Cisco, Juniper).
- Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
- Conducting Imperva database security assessment and monitoring.
- Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
- Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit.
- Demonstrated understanding of TCP/IP networking concepts and DNS.
- Experience with public cloud services providers such as Amazon AWS or Microsoft Azure.
- Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.
One final note: as you may be aware, the team is supporting several different workstreams. There is no expectation that this individual will have an understanding of all technologies used, but it would be beneficial if they have significant experience in two to three of the following core technical areas:
- Vulnerability Management (Tenable, Nessus)
- CyberArk
- Application Scanning (Dynamic Application Scan Testing (DAST) / Static Application Scan Testing (SAST), Varonis)
- Imperva
- Creation of Security Baselines / Audit File Creation
- Varonis
Closing Statement:
XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.
Tags: Active Directory Application security AWS Azure C CISSP Clearance Clearance Required Cloud Compliance Cyberark DAST DNS Encryption FedRAMP Firewalls Forensics GIAC Intrusion prevention Linux Monitoring Nessus Network security NIST Pentesting PKI SANS Scripting Security assessment TCP/IP UNIX Vulnerabilities Vulnerability management Windows
Perks/benefits: 401(k) matching Health care