Our client, a federal civilian agency, is looking for a Senior InfoSec Engineer to join their team. This person will work at the agency's HQ in NW DC, close to Union Station The need is immediate, please be able to interview in person or by phone this week. You MUST have a CISSP or equivalent certification, and be able to do hands on remediation and forensic work.
- Designing, conducting and performing penetration testing. (Penetration testing means the security testing in which evaluators attempt to circumvent the security features or security mechanisms of a computer system.)
- Participating in the design of security test cases for IT applications and conducting IT security application testing. (Application testing means the examination and testing of a program that may be required to verify that it perfom1s its documented function and to verify that it successfully resists attempts by users of the program to make the program function or respond in an unintended manner.)
- Scheduling, coordinating and conducting server, desktop, laptop and network forensics and documenting results. (Network forensics means the capture, inspection and analysis of packets passing through a selected node in the network. Packets can be inspected on the fly or stored on disk for later analysis.)
- Providing a vulnerability scanning service for networked or standalone devices. (Vulnerability scanning means the use of various security tools and procedures to examine a computer system(s) for determining weaknesses that could be exploited.)
- Maintaining antivirus software including coordinating and managing the distributions of updates and new releases to judiciary IT systems.
- Operating a Security Incident Response Desk to monitor IT security issues and report on those issues and recommended solutions.
- Coordinating the aggregation and consolidation of various audit logs to coordinate the generation and distribution of reports that assist in the identification of network threats.
- Designing and implementing a host or network intrusion detection system/intrusion prevention system (IDS/IPS).
- Operating and maintaining the IDS/IPS systems.
- Researching and analyzing IT security questions that may arise.
- Planning, implementing and maintaining an encryption program for desktops, laptops, servers and/or removable media.
- Designing and coordinating the integration of secure wireless systems into existing local area networks.
- Preparing IT security procedural and/or security awareness materials for training and communications purposes. These activities can range from providing subject matter expertise in the development of webinars, on-line training, class room training, etc.; conducting security training; developing security notices, preparing briefing materials and presenting information as requested by the Government.
- Incorporating security best practices into client initiated projects and applications. This encompasses conducting basic security assessments, identifying and tracking vulnerabilities, optimizing the use of security and network management tool sets, assisting network managers and system administrators in the remediation of identified risks.
- Assisting in the operation and maintenance of an incident response team. This includes performing activities such as writing notices that address recent security issues; maintaining an IT security website; providing technical evaluation for software testing, penetration testing methodologies, and toolkits; logging and tracking incidents in a problem tracking database or tool; researching, resolving, and closing incidents; performing in-depth ongoing technical threat and vulnerability research, which may include configuring and testing in a computer lab environment; performing research and analysis on computer and network security problems; and coordinating technical fixes with vendors and users; performing technical evaluations of Commercial Off The-Shelf (COTS) products to facilitate consistent court wide implementation; designing, developing, enhancing, collecting, maintaining, testing and making available for distribution IT security tools and techniques the client may need to audit or assess the vulnerability of various platforms and configurations.
Demonstrated experience as an Infosec or Cybersecurity engineer. Help desk environment experience helpful.
Engineering, math or science degree required from a U.S, accredited institution + 5 relevant years experience.
8 years of relevant experience can be substituted for a degree. 5 years of relevant experience + relevant certification can be substituted for a degree. A Master's degree is equivalent to 2 years of relevant experience. MUST be a US Citizen and be able to obtain a Public Trust clearance.