Cyber Security Engineer

Location: Herndon, VA, United States
Date Posted: 05-18-2016
Cybersecurity/Systems Security Engineer
This is a direct/perm role with our client. Our client is a $2bn aerospace engineering firm looking for a dynamic and self-driven individual with systems security engineering and cybersecurity (CS) policy experience. The individual will be joining a team of systems security engineers and will be responsible for supporting the following type of activities in a high-paced environment:
  • Prepare, develop, and modify all required cybersecurity (CS) documentation in accordance with Intelligence Community Directive (ICD) 503 and following the National Institute of Standards and Technology (NIST) SP800-37 Risk Management Framework (RMF) processes for Forward Processing, Exploitation, and Dissemination (FPED) and Distributed Common Ground System (DCGS) systems.
  • Assess multiple systems for security compliance using their assigned Committee on National Security Systems Instruction (CNSSI) 1253 security categorization and associated NIST SP800-53a ver. 4 security controls within virtualized development, test, and production environments.
  • Develop, gather, and review information system security artifacts for accuracy, relevance, and compliance related to: security categorization, risk assessments, security controls design and implementation, disaster recovery, security awareness, network and application security, and continuous monitoring.
  • Install, test, maintain, and upgrade network devices, operating systems, software, and hardware to comply with CS requirements across multiple platforms (Windows, Linux, Cisco IOS/NX-OS, VMWare)
  • Execute and/or coordinate security/vulnerability testing of web-based applications and associated infrastructure
  • Perform static/dynamic code analysis of software systems (GOTS/COTS) in order to meet compliance with IC regulatory processes
  • Ensure integration of new hardware and software components are deployed in a secure manner consistent with federal guidelines and professional standards
  • Participate in and provide input to engineering and CS meetings to ensure system security control requirements are understood and integrated into the systems
  • Analyze patterns of non-compliance and develop appropriate administrative or programmatic actions to minimize security risks
  • Identify system vulnerabilities that result in a departure from established best practices such as HW/SW acquisition practices, product security configuration, SW and firmware updates and other areas not apparent during automated testing routines
  • Active TS/SCI clearance or a current SSBI with TS/SCI eligibility
  • Minimum of four (4) years of experience in cybersecurity or a related area
  • Experience with DoD systems (DCGS preferred)
  • Experience with ICD 503 and NIST Special Publications preferred
  • Experience with DISA STIG configuration standards
  • Experience with Windows and Linux Operating Systems being hosted in physical and/or VMWare environments
  • Ability to travel 25%
  • Working experience of vulnerability tools such as the DISA SCAP Compliance Checker (SCC), Nessus, eEye Retina, or other standard industry tools
  • Familiarity with security tools such as static/dynamic code analyzers, SIEM tools, IDS/IPS, firewalls, log managers, patch management tools, and others
  • Maintain a DoD approved IAM Level I or higher baseline certification such as Security+, GSLC, CAP, or GISF. Preferred: CISSP
Turas is a direct placement/FT only technology search firm with clients in the federal and startup space across the US (but centered in DC and Raleigh). We are partners with our clients and work directly with their hiring managers, senior leadership and recruiting/HR. 
this job portal is powered by CATS