Apply on Employer Site

UIC Commercial Services · 1 day ago

ISSO/Systems Security Engineer

Dahlgren, VA, US

Full-time

Onsite

Senior Level

5+ years exp

UIC Commercial Services is seeking a skilled full-time ISSO/Systems Security Engineer to join their team in Dahlgren, VA. The role involves identifying and mitigating vulnerabilities in security systems, conducting vulnerability scans, and applying system hardening techniques.

ConstructionLogisticsShipping

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conducting vulnerability scans and recognizing vulnerabilities in security systems

Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.)

Conducting application vulnerability assessments

Identifying systemic security issues based on the analysis of vulnerability and configuration data

Sharing meaningful insights about the context of an organization’s threat environment that improve its risk management posture

Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution

Performing impact/risk assessments

Qualification

Vulnerability scanningDoD network analysis toolsSystem/network/OS hardeningApplication vulnerability assessmentsCybersecurity principlesNetwork security methodologiesIAM Level II certificationTroubleshooting cyber defenseImpact/risk assessmentsNetwork protocols knowledgeCyber threats knowledge

Required

Bachelor's degree required and five (5+) or more years of relevant experience

IAM Level II certification required

Knowledge of computer networking concepts and protocols, and network security methodologies

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust)

Knowledge of basic system, network, and OS hardening techniques

Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

Knowledge of application vulnerabilities

Knowledge of system administration, network, and operating system hardening techniques

Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems

Travel may occasionally be required, but rare

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems

Skill in using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.)

Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.)

Skill in conducting application vulnerability assessments

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data

Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture

Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Skill in applying host/network access controls (e.g., access control list)

Skill in using Virtual Private Network (VPN) devices and encryption

Skill in securing network communications

Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)

Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution

Skill in performing impact/risk assessments

Skill to develop insights about the context of an organization's threat environment

Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Preferred

Knowledge of cyber threats and vulnerabilities

Knowledge of specific operational impacts of cybersecurity lapses

Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list)

Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Knowledge of network traffic analysis methods

Knowledge of Virtual Private Network (VPN) security

Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly

Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML)

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)

Knowledge of application security risks

Company

UIC Commercial Services

UIC Commercial Services is a division of Ukpeaġvik Inupiat Corporation, the Alaska Native Village Corporation for Utqiaġvik, Alaska.

Founded in 1984

Anchorage, Alaska, USA

201-500 employees

https://uicalaska.com/our-companies/uic-commercial-services/uic-bowhead-transport-llc/

Funding

Current Stage

Growth Stage

Leadership Team

Don Gray

Vice President of UIC Oil & Gas and Marine Services

Company data provided by crunchbase