Information Assurance/Security Engineer IV jobs in United States
info-icon
This job has closed.
company-logo

DigiTran Technologies Inc. ยท 6 hours ago

Information Assurance/Security Engineer IV

positionVirginia, United States
timeContract
remoteOnsite
senioritySenior Level
date5+ years exp

DigiTran Technologies Inc. is seeking an IT Security Specialist to join their team supporting a Federal Government customer. The role involves managing application security functions and cybersecurity engineering, ensuring the protection of sensitive information resources critical to the agency's mission.

AnalyticsCommercialInformation TechnologySoftware
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote
Hiring Manager
Joel P
linkedin

Responsibilities

Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information
Manages and administers a wide range of security systems and tools:
Administers cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions
Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting
Executes security related operational activities
Manages security incident detection, response, remediation
Conducts cyber threat and vulnerability analysis and remediation
Develops security metrics and manages reporting and compliance
Serves as Incident Response Team member
Supports operational implementation of FISMA/NIST standards and industry best practices
Operates cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions
Manages IT Security awareness training program in coordination with the Learning Management team, to including developing and delivering IT Security awareness training modules
Manages Password Management system in coordination with Service Desk
Responds to IT Security trouble tickets generated by customers and IT staff. Identifies solutions, works with customer and OCIO team to execute solutions, and manages ticket input, updates, and resolution in the OCIO ticketing system to maintain service level agreements
Supports Security Operations and Engineering by providing technical solution support and expertise
Identifies security risks and recommends risk mitigation strategies
Reviews new and existing systems to ensure baseline security requirements are met and to recommend security enhancements
Develops security architecture and technical solutions for security products
Collaborates with staff from OCIO and other business components to develop security controls and solutions for complex business systems and applications
Develops and executes project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions
Demonstrates in-depth understanding of security requirements associated with cloud-hosted environments, services, and solutions
Evaluates, recommends, and implements security controls associated with cloud-hosted environments, services, and solutions
Evaluates, recommends, and implements security controls for mobile device solutions
Establishes, implements, and interprets the requirements for agency compliance with policy directives governing cybersecurity protection
Performs thorough security operations center analysis of potentially malicious or suspicious threats
Effectively administers and sustains enterprise level application security scanning tools for all COTS, GOTS, Web Applications, and internally developed cloud-based applications
Conducts risk and vulnerability assessments of planned and installed information systems applications to identify vulnerabilities, risks, and protection needs
Conducts systems security evaluations, audits, and reviews
Develops cybersecurity plans, processes, and procedures
Participates in network and system design to ensure implementation of appropriate cybersecurity policies as they relate to application security
Facilitates the gathering, analysis, and preservation of evident used in the prosecution of cybercrimes
Updates or establishes new application security requirements
Assesses security events to determine impact and implementing corrective actions
Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services
Identifies current and potential problem areas
Monitors agency compliance with application cybersecurity protection requirements across IT programs
Skill & Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues
Skill & Ability to assess risk factors and advise on vulnerability to attack from a variety of sources and procedures for protection of systems and applications
Knowledge & Skill in implementing FISMA, NIST, OMB guidelines, and other Federal regulations and guidance. Experience interpreting and implementing FISMA/NIST requirements focused on the operational implementation and documentation of those requirements
Knowledge of security controls for cloud-hosted environments, applications, and services
Experience developing System Security Plans, Security Assessment Reports, Continuous Monitoring Plans, and Plans of Action & Milestones
Ability to plan, organize and manage tasks on time with minimal supervision
Ability to handle multiple tasks and work independently as well as in a team

Qualification

Application SecurityCybersecurity EngineeringCloud Security ToolsRisk AssessmentFISMA/NIST ComplianceStatic Application Security TestingDynamic Application Security TestingSecurity Incident ResponseSecurity Metrics DevelopmentSecure SDLCVulnerability AnalysisTechnical GuidanceTeam CollaborationTime ManagementProblem SolvingCommunication SkillsAdaptabilityAttention to Detail

Required

Must be able to obtain a Position of Public Trust / Moderate Background Investigation security Clearance
Hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode
Specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices
Specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices
Specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise
Specialized experience in assessing application vulnerabilities and bugs in various applications
Specialized experience creating security testing pipelines and test plans
Specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments
Knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#
Extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts
Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university with at least 5 years of specialized experience with hands-on skills in performing application security assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual &Tools) on Web-based Applications
Public Trust Investigation security clearance

Preferred

Advanced degree in Cybersecurity or related field (desired)
Currently Industry Certifications in one or more of the following (or equivalent): Certified Secure Software Lifecyle Professional (CSSLP), Certified Cloud Security Professional (CCSP), Offensive Security Certified Professional (OSCP), EC-Council Certified Application Security Engineer (CASE), GIAC Certified Web Application Defender (GWEB), Azure Developer Associate
Microsoft certification(s): Microsoft 365 Certified Security Administrator Associate, Microsoft Certified Azure Security Engineer Associate

Company

DigiTran Technologies Inc.

twittertwitter
company-logo
DigiTran Technologies (aka DigiTran) leverages its extensive technical, and complex federal government domain-specific expertise, and innovative transformation experience to serve the US businesses.
dateFounded in 2017
location
Herndon, Virginia, USA
people-size11-50 employees
web-link
https://www.digitrantech.com

Funding

Current Stage
Early Stage

Leadership Team

leader-logo
CHANDRASHEKAR A S TAMIRISA
Chief Growth Officer
linkedin
Company data provided by crunchbase