The Senior Information Security Engineer is responsible for maintaining the security and integrity of CSBS and SRR data. The security engineer must have knowledge of every aspect of information security within the company. They ensure that the development and implementation of security requirements and security practices are incorporated throughout the system engineering lifecycle and the engineering maintenance of solutions, applications, products, information systems, and network environments to minimize risk to CSBS. The Senior Information Security Engineer maintains currency on attack techniques being used by adversaries and on counter-measures for any of the components being engineered into new or updated systems. They engineer and configure host and network firewalls, logging, and Intrusion Prevention Systems/Intrusion Detection Systems (IPS/IDS) at the highest appropriate level of security, and implement automated monitoring of configurations, patching, access controls and role delegations, application whitelisting, and other security measures to give system and network administrators daily actions to maintain the highest possible level of security and to ensure that those actions are being performed. The Engineer uses knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems, and applications. They translate technology and environmental conditions (e.g., law and regulation) into system and security designs and processes, assess systems for shortcomings related to business requirements, functionality, or policy compliance, and develop and document steps to mitigate them. They also evaluate functional requirements and develop customer-oriented solutions. The Senior Information Security Engineer rapidly adjusts designs and program solutions based on new threat and attack information and ensures security components are included in new product releases.
The Security Engineer applies software engineering methodologies, system/security engineering principles, secure design, secure architecture, secure coding, and system design and development techniques (e.g., scripting, programming, coding).
To perform this job successfully, an individual must be able to perform each essential duty and responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential functions. Other duties may be assigned to meet business needs.
Work includes performing vulnerability analysis and assessments of systems and networks within the network environment or enclave and identifying where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. They measure the effectiveness of the defense-in-depth architecture against known vulnerabilities. The following specific tasks are performed:
- The Senior Information Security Engineer should be familiar with the NIST Cyber Security Framework.
- Responsible for ensuring all networks have adequate security to prevent unauthorized access. Experience in configuring firewalls, access control lists (ACLs), Network IDS/IPS, Host IDS/IPS, DLP, etc.
- Produce compliance reports using the tools that would satisfy FISMA, CJIS and PCI compliance requirements.
- Provide engineering guidance in the outsourced MSSP operation of firewalls, intrusion detection systems, enterprise anti-virus and log monitoring tools (SIEM).
- Analyze the organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Conduct and/or support authorized penetration testing on enterprise network assets.
- Maintain a deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
- Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
- Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
- Conduct required reviews as appropriate within the environment (e.g., Technical Surveillance Countermeasure Reviews).
- Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
- Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
- Implement security controls approved by management.
- Apply and execute the appropriate systems engineering, program protection and certification-related policies, principles, and practices across all levels and phases of the development lifecycle to increase the level of confidence that a system functions as intended, is free from exploitable vulnerabilities, and protects critical program functions and information.
- Execute program protection during development.
- Analyze and assist engineering and program management with program protection requirements analysis.
- Identify the security architecture boundary and characterize the attack surface.
- Translate security controls and requirements into system specification requirements.
- Update program protection actions and strategies in the security plan.
- Implement system security solutions consistent with approved system security architectures.
- Obtain interim approval to test or approval to operate as appropriate for test.
- Coordinate and conduct system security and cybersecurity developmental test and evaluation.
- Employ procedures, methods, and tools for identifying, representing, and formally assessing the important aspects of alternative decisions (options) to make an optimum (i.e., the best possible) decision. Prepare decision analyses.
- Identify stakeholder and technical requirements, as well as assumptions to establish the overall decision context.
- Frame the decision in terms of supporting program / project objectives.
- Identify methods and tools to be used in the decision analysis.
- Monitor industry trends for changes in physical and cyber security challenges and implement planning, policy and procedure changes in response.
- Contribute to industry and government forums that develop industry guidance and regulations regarding security practices.
To perform this job successfully, an individual should possess the knowledge, skills, and abilities listed and meet the amount of education, training and/or work experience required.
Education & Certification
- Bachelor’s degree or equivalent experience in an information technology or information security discipline.
- Certifications: CEH, CISSP, GIAC, CISA, CISM, SANS, or equivalent certification required.
- 10+ years of experience in information security with expertise configuring and using vulnerability and compliance assessment tools, firewalls, DNS, Network & Host IDS/IPS systems, Network & Host DLP, VPN, web application firewalls (WAFs), OS hardening, multi-factor authentication, encryption key management, database security controls, and network segmentation. Experience with security on Windows and RHEL Linux systems preferred.
- Experience with security controls for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) cloud paradigms.
- Must be able to obtain or currently possess a U.S. Government clearance at the Public Trust Moderate (MBI) level or higher.
- Must be a United States Citizen or a Legal Permanent Resident (LPR) with at least three (3) years of consecutive residence in the United States, as indicated on the LPR card issued by United States Citizenship and Immigration Services (USCIS).
Knowledge, Skills and Abilities
- Experience working with leading firewall technologies (such as Juniper ScreenOS Firewalls, Cisco ASA, Sophos UTM) and intrusion detection technologies (SourceFire/Snort, Sophos UTM).
- Experience working with log monitoring and SIEM tools (McAfee Nitro, Splunk) and file integrity monitoring tools.
- Experience working with data loss prevention technologies and tools.
- Knowledge of securing servers (Linux and Windows), desktop systems (Win10), and networks (Cisco, Juniper, Netscreen).
- Experience applying security to virtual platforms.
- Knowledge of mobile security and MDM.
- Cloud security concepts and protection. Experience with AWS Security and IDM is a huge plus.
- Knowledge of common application vulnerabilities, current threat vectors and mitigations.
- Participate in the enterprise Incident Response Plan and in incident response activities.
- Ability to work in a team environment. Works effectively with matrixed teams across the organizational structure.
- Ability to work with external service providers.
- Ability to work calmly during stressful circumstances.
- Strong interpersonal and communication skills.
- Ability to work in a fast-paced environment managing multiple tasks driven by multiple deadlines.
- Must be dependable due to operational nature of work. Occasional, but infrequent off-hours work may be needed to respond to critical operational issues.
Values Instilled Behaviors for Excellence
Member/ Customer Service
- Capability to build and value relationships
- Ability to prioritize work
- Advocate and advance member's goals
- Ability to give credit to others
- Have a “pitch in” attitude
- Learns from successes and setbacks
- Listens and learns from others
- Speaks the truth even when uncomfortable
- Ability to honor the expertise of others
- Recognizes the contributions of others
- Ability to consult and communicate effectively
- Desires to make others successful
- Ability to persevere through adversity
- Willingness to experiment and take risks
- Plans ahead and is a forward-thinking individual
Achievement Oriented Thinking
- Is a solutions-oriented thinker
- Has good time management skills
- Manages expectations of what is achievable
- Actively asks questions and takes ownership for understanding why a change is happening and the risk of not changing
- Adopts new habits, monitors own performance, checks self against the objectives, and seeks help when they don’t match
- Identifies and mitigates obstacles
- Asks for and openly accepts feedback
- Recognizes and understands one’s moods, emotions and drives, as well as their effect on others
- Leaves room for doubt – realizes there is always room to grow