Information Security Engineer

Washington, DC
Sep 18, 2020
Sep 20, 2020
Full Time
Description: RavenTek is seeking an Information Security Engineer focusing on Network Security to support the US Securities and Exchange Commission (SEC). Work under limited supervision and participate in the design, engineering, integration, implementation, testing, deployment, maintenance, review, and administration of the baseline infrastructure, hardware, and software that are required to effectively manage the security and risk posture of the network and resources. Be able to obtain government clearance.

Provide information security services for any and all emerging IT components, IT services, and ancillary elements as they arise, as required to achieve the agency's mission. These services include, but are not limited to, the following:
- Privacy Compliance and Testing
- Governance, Risk, and Compliance (GRC) services
- Security Assessment and Authorization (SA&A)
- Continuous Diagnostics and Mitigation (CDM)

Requirements:

Required Security Clearance: Public Trust or higher

Qualifications Requirements:
- Extensive baseline experience, with the ability to lead security baseline creation.
- Experience with Palo Alto firewall and proxy servers.
- Expertise in securing enterprise web applications and familiarity with OWASP Top 10.
- Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump.
- Experience with public cloud service providers such as Amazon AWS or Microsoft Azure.
- Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP.

Required Education and Experience:
- Bachelor's degree or equivalent professional experience in the field of information security, computer engineering, information systems, telecommunications, or related technical or functional discipline.
- Maintain at least one current professional certification.
Acceptable certifications include: Any SANS GIAC Security certifications (Administration, Software, Forensics, or GSE Expert), ISC2 CISSP, or any security systems vendor administration-level certifications. Other certifications may be acceptable as approved by the COR.
- A minimum of eight (8) years of relevant work experience in the area of information/cyber security engineering or security operations, including hands-on experience with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools.
- Two (2) or more years of experience in the design and implementation of enterprise-wide security controls to secure systems, applications, network, or infrastructure services.
- Specialization in at least one of the following fields with four (4) or more years of experience:
  Building and administering security devices such as network firewall, web proxy, data loss prevention systems, and intrusion prevention systems.
  a. Building and administering Windows Server and Active Directory.
  b. Building and administering Linux/UNIX based systems.
  c. Building and administering network devices (e.g., Cisco, Juniper).
  d. Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
  e. Conducting database security assessment and monitoring.
  f. Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
  g. Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit.

Employment Type: Full Time / Permanent

Working Conditions: Business work hours are normally set from Monday through Friday, 8:00am to 5:00pm. Works at a desk in a professional office environment with extensive computer use and phone correspondence.

Physical Requirements:
- Sitting for extended periods of time
- Must be able to lift at least 20lbs
- Must be able to legally operate a motor vehicle

Background Screening/Check/Investigation: Successful Completion of a Background Screening/Check/Investigation will/may be required as a condition of hire.

ADA: RavenTek will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.

EEO/AA: RavenTek does not discriminate on the basis of race, color, national origin, sex, religion, age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/equal opportunity/affirmative action employer.