Senior Security Engineer

for VariQ Corporation in Washington, DC

Report
Skills:
Security Engineering, risk mitigation, SDLC, Cybersecurity, security assessment and authorization, SA&A, test plans, test reports 
Location:
Washington, DC
Area Code:
202 
Travel Req:
none 
Telecommute:
no 
Pay Rate:
Negotiable 
Tax Term:
FULLTIME 
Length:
 
Posted:
4-19-2014 
Position ID:
201311013 
Dice ID:
10286792 

We are looking for a Senior Security Engineer to support our client, The Consumer Financial Protection Bureau in Washington DC Metropolitan Area. Must have an active Public Trust. 

JOB DESCRIPTION
Requirements:
* Provide technical expertise across agency initiatives to ensure a secure enterprise that includes internal systems, cloud services and external/third-party service provider systems

* Assist in the cost analysis for risk mitigation as required
➢ The Contractor shall support the engineering effort required to implement interventions identified in the SAR, RAR and ASSR. Where appropriate, the Contractor shall attend meetings, review product selection options, and review and recommend hardware and software configuration changes. Where technical mitigations are not necessary or appropriate, the Contractor shall develop and/or modify the procedures to ensure mitigating security controls are accounted for and implemented.

* Conduct on-going security engineering analyses of the enterprise and application architectures whenever changes are proposed or problems are found and document the results of these on-going security engineering analyses in reports to the Government. On-going security engineering analyses shall include, but not be limited to:
➢ A continuous assessment of the data passed to and from the respective system.
➢ Developing, documenting and assisting in relaying security requirements for the proposed change or problem to the project stakeholders.
➢ Reviewing, analyzing, and commenting on project-delivered documents in support of the CFPB Software/System Development Lifecycle (SDLC).
o The current SDLC is an evolving process that matures with the Bureau. In its current state, the SDLC includes a traditional waterfall path and is piloting an agile path.
➢ Attending meetings, briefings, etc. to evaluate the ongoing work effort of projects relative to security.
➢ Evaluating security products already in use and those proposed for use, including an analysis of the individual product, its integration into the overall architecture, its interaction with other products, and its interaction with known products external to which will interface with. As a result of this evaluation, the Contractor shall provide a report including recommendations.
➢ Working with the Cybersecurity team and the project teams to ensure that requisite security capabilities are adequately and appropriately accounted for in designs and applicable architectures.

* The candidate shall provide information security engineering support to ongoing efforts to maintain the security assessment and authorization (SA&A) of a designated system or service. Such support shall include annual reviews and updates throughout the life of this contract of existing policies, procedures, and certification documents, information architecture, information system security configuration, services provided, security software currently employed, system administration security practices, security monitoring and analysis, communication protocols, and remote connection capabilities.

* Preferred Security Engineer will have minimum of 15 years of related work experience.

Expected Deliverables performed by the Security Engineer:
* Analysis Reports
* Security Engineering Analysis
* Security Product Evaluation
* Technical Architectural Assessments and Recommendations Report
* Security Test Plans
* Security Test Reports

***When submitting resumes, please be sure to include and highlight your qualifications related to the position so that your application will not be rejected by the system.***

VariQ Corporation