Security Engineer - Continuous Diagnostics and Mitigation (CDM) jobs in United States

Network Designs, Inc. · 3 weeks ago

Security Engineer - Continuous Diagnostics and Mitigation (CDM)

Network Designs, Inc. (NDi) is a leading Federal contractor specializing in IT and network solutions for government customers. The Security Engineer - Continuous Diagnostics and Mitigation (CDM) is responsible for ensuring cybersecurity risk visibility and compliance through the implementation and maintenance of CDM capabilities.

Information Services · Information Technology
Diversity & Inclusion
No H1B · U.S. Citizen Only

Responsibilities

Designing, implementing, integrating, and maintaining enterprise CDM capabilities to provide continuous visibility into cybersecurity risk, asset posture, and compliance
Deploying and operating CDM tools and dashboards, integrating security data sources, and enabling real-time risk awareness across on-premises and cloud environments
Working closely with cybersecurity operations, system owners, and compliance teams to improve situational awareness, support risk-based decision-making, and ensure alignment with federal cybersecurity standards and mandates
Configure, manage, and tune security controls including firewalls, IDS/IPS, endpoint protection, encryption, and network security controls
Perform patch management and vulnerability remediation aligned with CIS Benchmarks, DISA STIGs, and SCAP
Monitor security posture, vulnerabilities, and configuration compliance across enterprise environments
Respond to security incidents, vulnerabilities, and emerging threats; support investigations and impact assessments
Experience securing cloud environments (AWS, Azure, GCP) using Zero Trust Architecture (ZTA) principles and cloud-native security controls
Assess, develop, and implement security policies and procedures aligned with NIST RMF, FISMA, FedRAMP, ISO 27001, and DoD STIGs
Conduct security risk assessments, control effectiveness reviews, and gap analyses
Support preparation and maintenance of System Security Plans (SSPs), Security Control Assessments (SCAs), Authorization to Operate (ATO) packages, and Plans of Action & Milestones (POA&Ms)
Ensure compliance with federal regulations, industry standards, and organizational policies
Support internal and external audits and certification activities
Develop scripts using Python, PowerShell, and/or Bash to automate security data collection, analysis, and reporting
Collaborate with cybersecurity operations, system owners, engineers, auditors, and leadership to implement CDM capabilities and security best practices
Communicate security risks, compliance status, and remediation strategies to technical and non-technical stakeholders

Qualification

Cybersecurity Engineering, Continuous Diagnostics and Mitigation, Cloud Security, Security Certifications, Risk Management, Vulnerability Management, Identity and Access Management, Security Policy Development, Analytical Skills, Communication Skills, Problem-Solving Skills, Organizational Skills

Required

U.S. Citizenship is required
Must be able to obtain a Public Trust
This position is primarily remote, but it requires the ability to attend occasional meetings in DC, MD, VA, WV, NJ, and OK as needed
Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field
6+ years of experience in cybersecurity engineering, security operations, or risk management roles
One or more industry-recognized certifications required, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), CompTIA Security+, or other equivalent IT or cybersecurity certifications
Demonstrated experience supporting or implementing CDM program capabilities within federal or regulated environments
Experience implementing and operating CDM program tools, including capabilities across: Asset Management (HWAM, SWAM), Identity and Access Management (IdAM), Vulnerability Management, Event Management, Network and Data Protection
Experience integrating CDM components such as: Vulnerability scanners, Endpoint security tools, IAM solutions, Network security tools
Experience supporting or integrating with CDM dashboards, data feeds, and agency or federal-level reporting
Configure, manage, and tune security controls including: Firewalls, IDS/IPS, endpoint protection, encryption, and network security controls
Perform patch management and vulnerability remediation aligned with CIS Benchmarks, DISA STIGs, and SCAP
Monitor security posture, vulnerabilities, and configuration compliance across enterprise environments
Respond to security incidents, vulnerabilities, and emerging threats; support investigations and impact assessments
Experience securing cloud environments (AWS, Azure, GCP) using: Zero Trust Architecture (ZTA) principles, Cloud-native security controls, CSPM, CASB, and encryption
Support implementation of IAM, PAM, and RBAC controls aligned with Zero Trust objectives
Assess, develop, and implement security policies and procedures aligned with: NIST RMF, FISMA, FedRAMP, ISO 27001, and DoD STIGs
Conduct security risk assessments, control effectiveness reviews, and gap analyses
Support preparation and maintenance of: System Security Plans (SSPs), Security Control Assessments (SCAs), Authorization to Operate (ATO) packages, Plans of Action & Milestones (POA&Ms), including remediation tracking
Ensure compliance with federal regulations, industry standards, and organizational policies
Support internal and external audits and certification activities
Develop scripts using Python, PowerShell, and/or Bash to automate security data collection, analysis, and reporting
Integrate CDM tools and security platforms using APIs and automation frameworks (e.g., Ansible, Terraform, cloud-native tools)
Analyze security data to assess risk impact and prioritize remediation efforts
Apply standard and advanced analytical techniques to evaluate security control effectiveness in real-world environments
Analyze cyber threats, vulnerabilities, and misconfigurations across multi-layered architectures
Make data-driven decisions to improve security posture while balancing mission and operational needs
Troubleshoot complex security issues across enterprise IT and cloud environments
Collaborate with cybersecurity operations, system owners, engineers, auditors, and leadership to implement CDM capabilities and security best practices
Communicate security risks, compliance status, and remediation strategies to technical and non-technical stakeholders
Develop security documentation, reports, policies, and procedures supporting CDM and accreditation activities
Support and deliver security awareness and compliance training for stakeholders as needed
Strong organizational, time-management, and multitasking skills
Highly responsive and customer-focused
Extensive understanding of business processes and enterprise IT/security environments
Skilled in facilitation, consultation, and applied problem-solving in complex settings
Excellent written and verbal communication skills
Ability to work with confidential and proprietary information with discretion
Commitment to staying current with emerging threats, technologies, and federal cybersecurity requirements
Continuous Diagnostics and Mitigation (CDM) Program tools supporting: Hardware Asset Management (HWAM), Software Asset Management (SWAM), Identity and Access Management (IdAM), Vulnerability Management, Network and Data Protection, Event Management
CDM dashboards and reporting tools, including agency-level and federal-level data feeds
Vulnerability scanning tools such as: Tenable (Nessus / Tenable.sc), Qualys, Rapid7
Configuration and compliance assessment tools aligned with: DISA STIGs, CIS Benchmarks, SCAP-compliant tools
Identity and Access Management (IAM) platforms
Privileged Access Management (PAM) solutions
Role-Based Access Control (RBAC)
Zero Trust Architecture (ZTA) technologies and policy enforcement tools
Identity providers and directory services (e.g., Active Directory, Azure AD/Entra ID)
Network security technologies including: Firewalls, IDS/IPS (e.g., Snort, Suricata), VPNs
Endpoint security platforms: Endpoint Detection and Response (EDR), Anti-malware and host-based security tools
Encryption technologies for data at rest and in transit
Cloud platforms: AWS, Azure, and/or GCP
Cloud security tools including: Cloud Security Posture Management (CSPM), Cloud Access Security Broker (CASB), Cloud-native security services
Secure cloud configuration and monitoring aligned with federal standards
Security monitoring and analytics platforms (SIEM or CDM-integrated tools)
Log aggregation and event correlation technologies
REST APIs and data integration mechanisms for CDM feeds
Python, PowerShell, and/or Bash for automation, data analysis, and reporting
Infrastructure and security automation tools such as: Ansible, Terraform, Cloud-native automation services
Frameworks and standards: NIST RMF, FISMA, FedRAMP, ISO 27001, DoD STIGs
Tools supporting: SSP, SCA, ATO, and POA&M development and tracking, Audit and compliance reporting
Version control systems such as Git
IT service management and ticketing tools (e.g., ServiceNow)
Documentation and collaboration platforms (e.g., Confluence, SharePoint)

Benefits

Comprehensive health, dental, vision, pet, and legal insurance
401(k) retirement matching
Paid leave
Paid holidays
Health and wellness programs
Employer-paid life and disability insurance
Professional development
Education benefits

Company

Network Designs, Inc.

NDi is a Verified Service-Disabled Veteran Owned Small Business [SDVOSB] professional services firm, supporting Federal and Commercial customers since 1995.

Funding

Current Stage
Growth Stage

Leadership Team

Anthony Zeruto, CISM
CEO and Owner
Company data provided by crunchbase