Apply on Employer Site

ECS · 2 days ago

Senior Security Engineer

Suitland, MD

Full-time

Onsite

Senior Level, Lead/Staff

$156K/yr - $180K/yr

10+ years exp

ECS is a leading information security and information technology company in Washington, DC. They are seeking a Senior Security Engineer to support a full range of cyber security services on a long-term contract for a US Government civilian agency.

Artificial Intelligence (AI)Cloud InfrastructureComplianceConsultingCyber SecurityInformation TechnologyMachine LearningSecuritySoftware

No H1B

U.S. Citizen Only

Responsibilities

Design and develop cybersecurity or cybersecurity-enabled

Design hardware, operating systems, and software applications to adequately address cybersecurity

Design or integrate appropriate data backup capabilities into overall system designs and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data

Develop and direct system testing and validation procedures and documentation

Develop detailed security design documentation for component and interface specifications to support system design and development

Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment

Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or

Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find workarounds for communication protocols that are not interoperable)

Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability

Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements

Implement security designs for new or existing system(s)

Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts)

Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change

Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies

Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation

Design to security requirements to ensure requirements are met for all systems and/or applications

Develop mitigation strategies to address cost, schedule, performance, and security risks

Perform security reviews and identify security gaps in architecture

Trace system requirements to design components and perform gap analysis

Verify stability, interoperability, portability, and/or scalability of system architecture

Qualification

CybersecuritySystem DesignRisk ManagementNetwork SecuritySecurity CertificationsDevSecOpsSoftware Development ModelsSupply Chain Risk ManagementInformation TheoryCommunication Skills

Required

Strong written and verbal communication

Knowledge of secure configuration management (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org)

Knowledge of software development models (e.g., Waterfall Model, Spiral Model)

Knowledge of DevSecOps and software engineering

Knowledge of structured analysis principles and methods

Experience designing architectures and frameworks

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools

Knowledge of the systems engineering process

Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)

Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools

Bachelor's degree or higher

10+ years' experience in security engineering in mid to large environments

Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, system security, network infrastructure, access control, cryptography, assessments and audits, and organizational security

Active Public Trust clearance

Preferred

In-depth knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression)

Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Knowledge of network design processes, including understanding of security objectives, operational objectives, and trade-offs

Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Experience designing the integration of hardware and software

Experience in developing and applying security system access

Skill in discerning the protection needs (i.e., security controls) of information systems

Skill in evaluating the adequacy of security designs and conducting reviews of technical

Skill in the use of design modeling (e.g., unified modeling language)

Ability to apply secure system design tools, methods and techniques and ensure security practices are followed throughout the acquisition process

Company

ECS

Glassdoor3.6

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.

Founded in 2001

Fairfax, Virginia, USA

1001-5000 employees