IT Security Specialist jobs in United States
cer-icon
Apply on Employer Site
company-logo

ECS ยท 1 day ago

IT Security Specialist

positionUnited States
timeFull-time
remoteRemote
senioritySenior Level
money$153K/yr - $183K/yr
date5+ years exp

ECS is a leading mid-sized provider of technology services to the United States Federal Government, and they are seeking an IT Security Specialist to work remotely. The role involves managing application security functions, cybersecurity engineering, and ensuring the protection of sensitive information resources critical to the agency's mission.

Artificial Intelligence (AI)Cloud InfrastructureComplianceConsultingCyber SecurityInformation TechnologyMachine LearningSecuritySoftware
badNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information
Manages and administers a wide range of security systems and tools:
Administers cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions
Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting
Executes security related operational activities
Manages security incident detection, response, remediation
Conducts cyber threat and vulnerability analysis and remediation
Develops security metrics and manages reporting and compliance
Serves as Incident Response Team member
Supports operational implementation of FISMA/NIST standards and industry best practices
Operates cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions
Manages IT Security awareness training program in coordination with the Learning Management team, to including developing and delivering IT Security awareness training modules
Manages Password Management system in coordination with Service Desk
Responds to IT Security trouble tickets generated by customers and IT staff. Identifies solutions, works with customer and OCIO team to execute solutions, and manages ticket input, updates, and resolution in the OCIO ticketing system to maintain service level agreements
Supports Security Operations and Engineering by providing technical solution support and expertise
Identifies security risks and recommends risk mitigation strategies
Reviews new and existing systems to ensure baseline security requirements are met and to recommend security enhancements
Develops security architecture and technical solutions for security products
Collaborates with staff from OCIO and other business components to develop security controls and solutions for complex business systems and applications
Develops and executes project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions
Demonstrates in-depth understanding of security requirements associated with cloud-hosted environments, services, and solutions
Evaluates, recommends, and implements security controls associated with cloud-hosted environments, services, and solutions
Evaluates, recommends, and implements security controls for mobile device solutions

Qualification

CybersecurityApplication SecuritySecure SDLCStatic/Dynamic TestingVulnerability AssessmentCoding LanguagesSecurity Testing PipelinesIncident ResponseCloud Security ToolsTest PlansTest CasesSoft Skills

Required

Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university
At least 5 years of specialized experience with hands-on skills in performing application security assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual & Tools) on Web-based Applications
Must have hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode
Must have specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices
Must have specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices
Must have specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise
Must have specialized experience in assessing application vulnerabilities and bugs in various applications
Must have specialized experience creating security testing pipelines and test plans
Must have specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments
Must have knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#
Must have extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts

Preferred

Advanced degree in Cybersecurity or related field
Currently Industry Certifications in one or more of the following (or equivalent): Certified Secure Software Lifecyle Professional (CSSLP), Certified Cloud Security Professional (CCSP), Offensive Security Certified Professional (OSCP), EC-Council Certified Application Security Engineer (CASE), GIAC Certified Web Application Defender (GWEB), Azure Developer Associate
Microsoft certification(s): Microsoft 365 Certified Security Administrator Associate, Microsoft Certified Azure Security Engineer Associate
Moderate Background Investigation security clearance

Company

ECS

twittertwittertwitter
Glassdoor3.6
company-logo
ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.
dateFounded in 2001
location
Fairfax, Virginia, USA
people-size1001-5000 employees
web-link
https://www.ecstech.com

Funding

Current Stage
Late Stage
Total Funding
unknown
2018-01-31Acquired
2015-04-10Private Equity

Leadership Team

leader-logo
Keith McCloskey
VP / Chief Technology Officer
linkedin
leader-logo
Ryan Garner
Chief Financial Officer
linkedin

Recent News

Morningstar.com
ECS Recognized as a Top Partner with 2025 Elastic Services Partner Award โ€“ AMER
2025-11-19
MarketScreener
ECS Joint Venture 1CyberForce Wins Spot On $20B Cybersecurity Vehicle
2025-03-26
citybiz
ECS Names John Lau Vice President of Defense and Intel Solutions
2025-02-14
Company data provided by crunchbase