Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

TriTech Enterprise Systems, Inc. · 23 hours ago

Security Engineer

positionBaltimore, MD
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
date8+ years exp

TriTech Enterprise Systems is seeking a Security Engineer to support a Maryland State contract. The candidate will be responsible for planning, designing, developing, administering, monitoring, and governing various security policies, controls, and systems for the Health Benefit Exchange (HBX) and other systems.

ConsultingCRMCyber SecurityDatabaseInformation TechnologyIT Management
badNo H1BnoteU.S. Citizen Onlynote

Responsibilities

Develop and implement cloud security controls, cloud-based processes and tools, and automated cloud security tasks
Perform security assessments, working closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure, and finding solutions to providethe required functionality securely
Continuously monitor the Health Benefit Exchange (HBX) and ancillary systems, not limited to cloud security operations, responding to security issues and escalating as necessary
Conduct security impact analysis of controls on proposed system changes
Conduct cloud security assessments and Penetration testing
Perform Incident Response and Forensics evaluation using security information and event management (SIEM) tools
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle
Review and update systems security documentation and artifacts such as Systems Security Plan, Information Security Risk Assessment, Privacy Impact Assessment, Systems Security Report, Correction Action Plan, Plan of Action & Milestones (POA&M)
Create and track POA&M requirements for resolving security findings
Administer cloud-based and physical firewalls
Deploy and administer Identity and Access Management products in various operating systems
Perform monitoring and operations of Identity and Access Management implementation
Design enhancements in Identity and Access Management products ForgeRock and SailPoint. Maintain, monitor, and provide operational support for IAM products, computer programs, systems, and other security technologies and revise system design and quality standards
Make changes to IAM and underline applications for enhancing enterprise security and ensure safe and secure operation to enable access to our systems for our employees, contractors, consumers, and stakeholders
Perform Security Incident Response and Forensics evaluation using security information and event management (SIEM) tools
Provide operational support for other security technologies. Perform account/access management with IAM and other security tools
Adhere to all security, change control, and MHBE Project Management Office (PMO) policies, processes, and methodologies
Note: The candidate must be flexible to work overtime as needed, including weekends, holidays, and off-hours

Qualification

Cloud SecurityAWS SecuritySIEM ToolsIdentityAccess ManagementSecurity Incident ResponseLinux AdministrationWindows AdministrationSecurity AssessmentsPenetration TestingSecurity CertificationsJavaJavaScriptShell ScriptsTechnical KnowledgeSoft Skills

Required

Eight (8) years of experience analyzing, defining, deploying, monitoring, and administering security requirements and controls for large and mission-critical IT systems
Five (5) years performing day-to-day security operations functions, including administration, troubleshooting, and resolution of various security components
Four (4) years of hands-on experience in performing cloud security functions
Four (4) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities
Four (4) years of demonstrated production experience using AWS Cloud supporting security operations
Four (4) years of experience with administering security for Windows and Linux operating systems
Experience in performing Security Incident Response and Forensics evaluation with SIEM tools
Working knowledge of AWS security features such as Security Groups, Network Access Control List, Firewall, WAF, Guard Duty, Macie, CloudTrail, CloudWatch, Control Tower, etc
Experience with assessment and evaluation of information systems to recommend changes and mitigate threats, risks, and vulnerabilities
Demonstrated ability to perform scheduled maintenance activities such as patching, performance tuning, and backups
Demonstrated ability to perform user provisioning and de-provisioning activities
Experience in monitoring the security infrastructure for operational effectiveness

Preferred

Five (5) years of experience implementing, administering, and monitoring Security Controls and Governance for public-facing complex IT systems
Five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluating approved security product capabilities, and developing solutions to multilevel security problems
Five (5) years of hands-on experience providing operational support for ForgeRock and Sailpoint IAM products
Five (5) years of experience with the assessment and evaluation of information systems to recommend changes and mitigate threats, risks, and vulnerabilities
Five (5) years of experience conducting Incident Response testing to evaluate processes for detection, response, and reporting of security incidents
Three (3) years of hands-on experience designing, developing, deploying, and administering security policies for health insurance marketplaces or complex health and human services systems
Experience configuring ForgeRock to enable single sign-on with different applications and implementing password sync across all internal applications
Experience with configuration and administration of SailPoint and performing tasks such as designing an organizational tree structure and creating provisioning and de-provisioning policies
Experience implementing ID policies, password policies, access control lists (ACL), reconciliation, service definition, the configuration of remote resources, workflows, password synchronization, reconciliation schedules, and life cycle management
Experience in providing detailed configuration and administration for programs such as ACL configuration, Group Management, and configuration management
Hands-on experience with troubleshooting, investigating operational problems, and providing workarounds, resolutions, and remediations
Experience developing IT Security roadmaps and execution plans
Demonstrated technical knowledge of command line utilities running on various platforms, including Linux and MS Windows
Experience with implementation of integration solutions between IAM system and user account repositories such as Active Directory, LDAP, and Databases
Experience with Java, JavaScript, and shell scripts
Experience assisting organizations meeting NIST SP 800-37, NIST 800-53, IRS Publication 1075, and MARS-e 2.0 requirements
Experience with conducting vulnerability management and penetration testing efforts
Experience in configuring and reviewing ASA and/or Fortinet firewalls
Possess one or more security certifications such as CISSP, ISO, CSA STAR Cloud Security Advisor, CCSE, QCS, CNA, VCP, or equivalent
Experience working with the Project Management Office (PMO) processes, policies, and procedures

Company

TriTech Enterprise Systems, Inc.

twittertwitter
company-logo
TriTech Enterprise Systems, Inc., is an Information Technology (IT) Consulting company committed to increasing the competitive advantage of our clients by providing cutting edge solutions through innovation, research and the application of emerging technologies.
dateFounded in 2002
location
Hyattsville, Maryland, USA
people-size11-50 employees
web-link
https://tritechenterprise.com/

Funding

Current Stage
Early Stage

Leadership Team

leader-logo
Randolph 'Randy' Williams, Jr.
President/CEO
linkedin
Company data provided by crunchbase