Security Engineer (Public Trust Clearable)
Akima
Washington, DC, US
2d ago

Description

Cloud Lake Technology, an Akima Company, is a provider of services to today’s Big Data and Cloud market with one crucial difference : our services are highly-specialized, data-centric services.

This enables us to focus laser like on helping our government and commercial customers quickly and cost effectively harvest, analyze and leverage the greatest possible value from the increasingly vast amounts of data they are acquiring and need to manage.

Job Summary :

Cloud Lake, LLC is looking for a talented Security Engineer to add to their dynamic team supporting highly visible federal contracts.

This role supports and provides security monitoring and auditing. The Security Engineer will work directly with clients and technical teams to provide recommendations and assistance regarding security process, ATO achievement, and continuous monitoring.

This role also supports various projects as required.

Responsibilities :

  • Review, prepare, and update ATO authorization packages.
  • Notify customer when changes occur that might affect ATO authorization.
  • Identify ATO vulnerabilities and implement countermeasures.
  • Represent the customer on various technical review and inspection teams.
  • Conduct security surveys with 3rd party contractors and vendors, and gather pertinent security documentation for inclusion into system authorization packages.
  • Assist Client, and Contractor organizations with the development of assessment and authorization (A&A) efforts.
  • Build, coordinate, maintain, and change the Risk Management Framework (RMF) and Assessment and Authorization (A&A) packages for government client(s).

    Continuously monitor for control compliance and take immediate actions to bring systems into compliance.

    Conduct Computer Network Defense (CND) actions, and Computer Network Exploitation (CNE) enabling activities.

    Defend against unauthorized activity within computer networks including monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.

    Utilize computer networks to gather data from internal target or adversary information systems or networks in support of operations and intelligence collection capabilities.

    Determine the attribution and actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and / or the information residing therein to develop incident response plans using forensically sound methods and procedures.

    Ensure that all application deliverables comply with the DISA Application Security & Development and Database STIG, which includes the need for source code scanning and a Web Penetration Test to mitigate vulnerabilities (including as examples, SQL injections, cross-site scripting, and buffer overflows).

    Systems engineering of network and host layer security infrastructure, intrusion detection systems, secure remote access infrastructure and network access control systems.

    Systems engineering of Security Event and Incident Management solutions, including log aggregation, event correlation, and recording.

    Systems engineering of Vulnerability Management programs, including risk management approaches to remediation.

    Create and deliver detail and summary level technical reports on system performance and compliance.

    Collaborate with system owners to develop, implement and enforce configuration standards and uphold all business continuity requirements.

    Qualifications

    Minimum Qualifications :

  • Demonstrable experience in SecDevOps
  • Bachelor’s degree, 4+ years of military active duty, or relevant experience in a technical or analytical field.
  • 10 years’ experience in cyber security and information assurance.
  • CISSP Certified (or commitment to obtain within six months)
  • Strong written and verbal communication skills.
  • Ability to work flexible hours and be on-call.
  • Familiar with DIACAP, Risk Management Framework (RMF), STIGs, and IA Controls.
  • Experience with development / architecture for apps and services, and testing and administration.
  • Strong knowledge of Linux technologies and Amazon Web Services.
  • Networking experience including routers, switches, and firewalls.
  • Experience with Cisco and Juniper.
  • Must be detail oriented and possess the ability to work in a multi-disciplined environment with an adaptive personality.
  • Must be able to apply intensive and diverse knowledge to problems and make independent decisions.
  • Must be a team player able to work professionally and collaboratively with the government customer and other contract members of the project team.
  • Proficiency in vulnerability analysis and remediation
  • Advanced persistent threat analysis and remediation
  • Proficient in automation and orchestration of repetitive functions via scripting and / or API calls
  • Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form