Senior Cyber Security Engineer
This position is located within the Information Technology Security Office (ITSO) of the
Department of Technology Services (DTS). As an Information Technology (IT)
Specialist (Security) within the Information Technology Security Office, the candidate is
a recognized IT security expert within the Judiciary with a strong background in cyber
security, network security engineering and a proven record of successfully leading
security architecture activities. The candidate will perform multiple and varying
assignments under the direction of the Chief, Security Engineering Division.
The person selected for this position is recognized as an IT security expert with a strong
background in cyber-security and network security engineering. The ideal candidate will
have a proven record of successfully leading “hands-on” security activities, such as
developing security architectures, assessing management, operational, and technical
controls (including using a variety of freely available and commercial toolkits to
determine the technical health of a system), and providing actionable advice to improve
IT security (especially early on in the systems development lifecycle (SDLC).The
candidate will ensure the confidentiality, integrity, and availability of systems, networks,
and data across the SDLC, and create, promote, and adhere to standardized, repeatable
processes for the delivery of security engineering services.Whether working with national
program offices to create secure system boundaries for critical systems or partnering with
IT stakeholders across the Judiciary to understand and implement secure design patterns,
the candidates will work diligently to educate their stakeholders and motivate them to
embrace solutions that incorporate reasonable, effective, standards-based security
Duties include, but are not limited to the following:
- Security Program Reporting: Analyzes, synthesizes, and reports on the security posture of the Judiciary using data maintained by stakeholders and recorded into DTS’ security risk assessment tool.
- Development Lifecycle Outreach: Engages with program offices in the development phase of national applications to recommend security capabilities, provide technical guidance, and identify existing security controls that can minimize risk. All recommendations are formally recorded, technically accurate, and consistent with IT security best practices.
- Procurement Assistance: Provides technical expertise to program offices in the procurement phase regarding security-related technical evaluation criteria for new procurements.
- Physical Security Coordination: Liaises with the security and facilities staff to share information regarding assessments, cyber threat intelligence, and integration with cybersecurity architectures.
- Technical Expertise: Provides technical expertise combined with knowledge of the Judiciary so that new technologies and architectures are consistent with security best practices and Judiciary policies. Additionally, participates in engineering design reviews and the Judiciary’s change control process to ensure changes are consistent with the Judiciary’s IT security architecture, security requirements, and industry best practices.
- Knowledge Sharing: Promotes secure engineering techniques, principles, architectures, and designs both within ITSO and with the various constituencies it serves. Techniques for doing so include, but are not limited to, authoring white papers, creating and delivering presentations, conducting webinars, and publishing articles to various Judiciary newsletters.
Qualifications required/desired for this position (such as required, preferred specialized experience, education, and certifications):
- Gold-level SANS GIAC Certifications, GCWN, and GCUX or ISC2 CISSP
- Must have 5+ years of experience working in security on enterprise scale projects, 10+ years of total IT experience is required.
- Must have experience in using automated IT risk management systems.
- Must be capable of working with and influencing various business and technical groups to align security strategies with mission support requirements.
- Must have experience designing security architecture roadmaps and documenting architectural decisions.
- Must have experience incorporating data into the decision-making process.