Security Engineer - Senior

Job Description

ECS is seeking a Security Engineer - Senior to work in our Washington, DC office. Please Note: This position is contingent upon additional funding.

ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

• Strong written and verbal communication
• Knowledge of secure configuration management (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
• Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
• Knowledge of software
• Knowledge of structured analysis principles and
• Experience designing architectures and
• Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
• Knowledge of the systems engineering
• Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
• Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Conduct Privacy Impact Assessments (PIAs) of the application's security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
• Design and develop cybersecurity or cybersecurity-enabled
• Design hardware, operating systems, and software applications to adequately address cybersecurity
• Design or integrate appropriate data backup capabilities into overall system designs and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
• Develop and direct system testing and validation procedures and
• Develop detailed security design documentation for component and interface specifications to support system design and development.
• Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
• Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or
• Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find workarounds for communication protocols that are not interoperable).
• Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
• Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
• Implement security designs for new or existing system(s).
• Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts).
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
• Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Design to security requirements to ensure requirements are met for all systems and/or
• Develop mitigation strategies to address cost, schedule, performance, and security
• Perform security reviews and identify security gaps in
• Trace system requirements to design components and perform gap
• Verify stability, interoperability, portability, and/or scalability of system

Salary Range: $120,000 - $150,000

General Description of Benefits

Required Skills

• Bachelor's degree or higher
• 10+ years' experience in security engineering in mid to large
• Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, system security, network infrastructure, access control, cryptography, assessments and audits, and organizational security
• Active Public Trust clearance or eligible to obtain a Public Trust clearance

Desired Skills

• In-depth knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
• Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools.
• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• Knowledge of network design processes, including understanding of security objectives, operational objectives, and trade-offs.
• Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Experience designing the integration of hardware and software
• Experience in developing and applying security system access
• Skill in discerning the protection needs (i.e., security controls) of information systems and
• Skill in evaluating the adequacy of security designs and conducting reviews of technical
• Skill in the use of design modeling (e.g., unified modeling language).
• Ability to apply secure system design tools, methods and techniques and ensure security practices are followed throughout the acquisition process

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.