Senior Security Engineer

Location: Washington, DC
Date Posted: 06-05-2017
The Security Engineer will provide support to the customer for enterprise security architecture, DIACAP, NIST RMF, NIST 800-53 security controls application, TCP/IP, networking, wireless technology, firewalls, intrusion detection systems, risk, threat, and vulnerability assessments, risk mitigation; denial of service techniques; databases management, malicious code, hack and attack methods; remote access, backup procedures, emergency response procedures, e-mail security, security laws, directives, and regulations, Common Criteria, and security modes of operation.
 
Duties and Responsibilities:
  • Lead and perform security assessment activities for federal information systems, based on FISMA requirements. These activities include but not limited to:
  • Develop and present various security documentation that conclude the assessment package, such as:
    • Security Assessment Plan (SAP);
    • Security Assessment Report (SAR);
    • System Security Plan (SSP);
    • Plan of Action and Milestones (POA&M);
    • Status Reports;
    • Continuous Monitoring Plan (CMP);
    • Kick-off and brief-out presentations; etc.
  • Train and provide guidance for new hires and junior personnel to ensure a complete understanding of the assessment process.
  • Attend meetings to support federal agencies' roadmap and security program.
  • Review documentations for quality assurance prior sending to the customer(s).
  • Conduct meetings/interviews throughout the assessment period of time to obtain evidence/information and achieve clarification.
  • Performs and/or leads security/network engineering requirements analysis, system security design, security architecture, and security verification and validation with little supervision.
  • Executes security scanning and the analysis of the scan results.
  • Assesses and mitigates system security threats and risks throughout the program life cycle.
  • Conduct vulnerability and compliance assessments on systems and ensure vulnerability mitigation.
 
 
Skills/Qualifications:
  • Must have 5-10 years of related experience Strong use and understanding of systems engineering concepts, principles, and theories.
  • Strong Security Assessment and Accreditation experience.
  • Strong understanding of cyber security specifications such as Risk Management Framework (RMF), and other government security specifications and guidelines Strong knowledge of cyber security technology.
  • Strong written and verbal communications skills.
  • Strong in communicating issues, impacts, and corrective actions.
  • Strong ability in reporting and remediating vulnerabilities.
  • Works under limited direction Creative thinker, good multi-tasker.
 
 
Minimum Education and Certifications:
  • Bachelor’s degree required; Master’s preferred.
  • The following certifications (more than one is preferred): Lunarline, Inc. School of Cyber Security “Certified Expert” certifications, CISSP, CISM, CEH, and/or SANS security certifications.
 
 
Place of Performance:
  • Washington, DC
  • Occasional travel may be required.
  • Telework may be permitted on a periodic basis.
 
_____________________________________________________________________________________

Disclaimer
  
Lunarline is an equal opportunity employer. It is the policy of Lunarline that all employees and applicants for employment will be treated in all respects on the basis of their merit and qualifications and without regard to their race, color, national origin, age, disability, sexual orientation, religion, gender, military status, marital status or ancestry.
Lunarline participates in the E-Verify program. Therefore, any employment with Lunarline will also be contingent upon confirmation from the Social Security Administration ("SSA") and/or the Department of Homeland Security ("DHS") of your authorization to work in the United States. 
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.
or
this job portal is powered by CATS