Sr Cyber Security Engineer

Requirements

Description

The ideal candidate will have exceptional verbal and written communication skills and a solid understanding of cybersecurity trends and security risks. They also must have a firm understanding of large scale enterprise IT operations. They will also have experience with cybersecurity in the domains of vulnerability management, malware TTPs, networking protocols, and cyber incident management.

Responsibilities
  • Represents Company to external and/or internal customers where issue analysis of situations or data requires an in-depth knowledge of organizational objectives.
  • Develops solutions to problems of unusual complexity which require a high degree of ingenuity, creativity, and innovativeness. Exercises independent judgment in determining the methods, techniques, and evaluation criteria used in obtaining results. Challenges are frequently unique and solutions may serve as precedent for future decisions.
  • Effects of decisions are long-lasting and heavily influence the future course of the organization. Errors in judgment or failure to achieve results would result in the expenditure of large amounts of company resources.
  • Work is performed without appreciable direction. Exercises considerable latitude in determining objectives and approaches to assignment.
  • Serves as consultant to management and special external spokesperson for the organization on major matters pertaining to its policies, plans, and objectives.
  • Provides technical expertise and professional recommendations, working independently and subject matter experts, to ensure the maximum protection by cybersecurity defenses.
  • Prepare and provide written and verbal recommendations for mitigating cyber risks across a wide array of technologies.
  • Supports numerous cybersecurity technical capabilities and infrastructure onsite and at several remote locations. Assist in new security tools deployment.
  • Document the standard operating procedures for supporting each capability as well as recovering from any system degradation.
  • Provide the requisite training on new capabilities and operational practices to other operations team members.
  • Provide oral and written recommendations, in sufficient detail, to permit the sponsor to make an informed, independent decision on cyber security and threat related issues.
  • Assist the sponsor in clarifying cyber security related policies and procedures, and determining technical solutions for cyber security issues.
  • Promote awareness of cyber security related issues among key decision makers and ensure sound security principles are reflected in sponsors visions and goals.
  • Provide weekly, or more often as required, updates to Cybersecurity Office management on cyber security related issues impacting sponsor and decisions reached.
  • Provide general information security (INFOSEC) support.
  • Conduct research pertaining to the latest cyber security threat vectors and technological advances.
  • Complete technical and security reviews documenting the vulnerabilities and exposures of varying technologies, and potential mitigating techniques and configurations.
  • Assist in the development of and response to Information Technology (IT) security policy.

Apply Now

    Cyber Systems Engineer

    Requirements

    Description

    Project supports the IT engineering team of a major federal customer providing security services including cyber incident response, threat analysis and security operations support. The Cyber Security Engineer will provide technical expertise working independently and/or with other engineers. The primary area of responsibility will be evaluating, integrating, and deploying new cybersecurity tools and capabilities. The individual will evaluate new security technologies and make appropriate recommendations to ensure technical assessment capabilities remain current. The ideal candidate will have a solid understanding of cyber security in the domains of security operations, security architecture, framework and standards, governance, and threat intelligence. This effort will require a skilled Systems Engineer in order to facilitate the implementation of industry standardized and consistent processes in support of systems integration and project management.

    Requirements
    • 4+ years of Information Security, Systems Integration, Network Engineering, or System Engineering experience
    • Strong troubleshooting skills, analytical problem solving ability, and organizational skills
    • Knowledge of the system development life cycle and Project Management Framework.
    • Excellent communication skills in technical, business, and client interactions
    • Experience working in a dynamic and collaborative environment
    • Linux/Unix system engineering and security hardening experience
    • Windows system engineering and security hardening experience
    • Experience configuring and hardening network switches, routers, and firewall
    Duties

    Daily Responsibilities:

    • Serve as technical lead on assigned projects and interface directly with customers during requirements gather, system design, and implementation.
    • Analyze market research and customer requirements; derive high-level system requirements and produce functional and technical requirements.
    • Translate client requirements into major milestones and deliverables
    • Perform system integration activities; Product evaluation, system builds/installation, system assessments, system transition (O&M)
    • Draft supporting system documentation; system design, system diagram, system security plan, etc…

    Highly desired skills

    Experience with IDS/IPS products (Ex: Snort, Suricata, Cisco, ISS, McAfee)· Experience with network devices and boundary protections (Ex: Cisco Switching, Firewalls)· Experience with Packet Capture & Inspection technology (Ex: RSA Security Analytics, Netwitness, Moloch)· Experience working with Automated Dynamic Malware Analysis tools (FireEye)· Experience with Information and Event Management technology (SIEM, Splunk, Syslog, RSyslog)· Experiencing supporting Accreditation and Authorization process. Mitigating compliance audit and vulnerability findings· Experience working with Hypervisor and Virtualization technologies (VMware, Citrix, Microsoft Hyper, Red Hat)· Experience with Domain Service and Central Service management and deployment (Active Directory, DNS, DHCP, WSUS, NTP)

    Apply Now

      Cybersecurity Configuration Engineer

      Requirements

      Location

      Rosslyn, VA

      Labor Category

      Mid. E/A

      Security Clearance

      Secret, Top Secret desired

      Years of experience

      2 +

      Education

      BA / BS

      Certifications

      Preferred Requirements:

      • CompTIA A+, Network +, Security +
      • Microsoft Certified Professional (MCP)
      • RedHat Certified Engineer, Linux +
      • Microsoft Certified Solutions Engineer (MCSE)
      Duties

      Project Overview:
      The Cyber Security Configuration Engineer will also evaluate various technical and policy questions, providing written responses to a wide range of audiences.
      The ideal candidate will have base knowledge of cyber security principles and best practices, familiarity with Defense Information System Agency (DISA) Security Technical Implementation Guides (STIGs), a foundational knowledge of Windows and Linux server operating systems, and experience managing Active Directory

      Key Personality traits that will do well in this environment

      • Inquisitive by nature; you know where to look to find answers
      • You enjoy collaboration and sharing information with other highly technical people.

      Daily Responsibilities:

      • Promote awareness of security issues among management and ensure sound security principles are reflected in organizations’ visions and goals.
      • Research security threat vectors and participate in government and industry conferences and training that impact existing standards and/or principles and provide information to customer on potential impact
      • Create bulletins, alerts, and/or advisories related to published or developmental standards and/or principle documents
      • Ensure that rigorous application of information security/information assurance policies, principles, and practices are implemented in the delivery of all IT services.
      • Evaluate a wide array of existing, new, modified, and/or emerging technologies and develop recommended security configuration baselines documents that implement Departmental policy, technical security solutions, and industry best practices in alignment with Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) as much as possible
      • Actively participate in respective change review and control boards, providing written and verbal recommendations
      • Respond to various technical and policy questions from a wide range of customers/users with guidance and clarifications
      • Promote awareness of cybersecurity standards and principles among the customer stakeholders, coworkers, and the Department users
      • Collaborate with fellow team members and various internal and external stakeholders to share information and knowledge to establish and maintain a productive line of communication
      • Streamline processes to improve efficiency of Mission goals
      • Manage information and updates in SharePoint repositories
      • Keep awareness of items involving fellow team members to provide back up support and coverage as needed
      Requirements

      To fit into our environment, you must have these core skills:

      • Clearance at the Secret level
      • Excellent verbal and written communication skills
      • Knowledge of cybersecurity and privacy principles
      • Knowledge of Cyber Security National Policies, Directives, and Laws
      • Knowledge of basic system, network, and OS hardening techniques
      • Knowledge in interpreting functional requirements for projects and proposal
      • 1-3 years’ experience developing and executing research plans
      • 2-3 years’ experience working with Windows Server on an enterprise level
      • 1-3 years’ experience managing Active Directory in a multi-domain environment.

      Desired Skills

      Highly desired skills

      • 2-3 years’ experience working with server/application virtualization on an enterprise level
      • 2-3 years’ experience working with Red Hat Enterprise Linux servers on an enterprise level
      • 2-3 years’ experience engineering/maintaining database infrastructure including SQL and Oracle
      • 1-3 years’ experience working with Active Directory Federation Services (ADFS), Azure Active Directory
      • 1-3 years’ experience developing and managing virtualized IT systems
      • 1-3 years’ experience with networking technologies
      • 1-3 years’ experience with configuration and/or administrating enterprise mobile device deployment

      Apply Now

        Lead Threat Integration

        Requirements

        Location

        saBeltsville, MD

        Security Clearance

        Secret Required

        Years of experience

        5 +

        Education

        Bachelors or equivalent education and related work experience

        Certifications

        Preferred Requirements:

        • CISSP
        • SANS GREM
        • SANS GCIH and/or GCIA
        • Certified Ethical Hacker
        • Basic knowledge of Java, C, and/or C++
        Duties

        Project Overview:
        The Integration Lead’s overall goal is to maintain awareness of, curate, and triage current threats the CIRT should proactively monitor for and respond to. Sources for information would be open source, classified, and via liaison with internal threat intel teams. An excellent verbal communication, reporting and presentation skills is a must.


        Daily Responsibilities:
        Determine the best way for the CIRT to put the information to use. The candidate MUST have an excellent understanding of how a CIRT functions and the typical technologies it leverages. For example:

        • Should an IDS signature be made?
        • What technology do we have, or should we use to detect the threat?
        • Is it sufficient to make CIRT analysts aware of the information or TTP? If so, which teams need to know and how can they use it?
        • Continuously internally evangelize and promote how and why threat information should be and is important in driving CIRT actions
        • Create short situation reports as required.
        • Maintain and regularly update an MS Teams channel dedicated to CIRT/Department of State related Threat intelligence.
        • Assist with developing training opportunities for junior analysts.


        Although the position does not currently have any direct reports, the Threat Lead will be part of the CIRT upper Management team. As such, the position should have a good understanding of how a CIRT functions, and the technologies involved so that they can be leaned on to help move the CIRT forward.

        Apply Now

          Senior Penetration Tester

          Requirements

          Job Description

          Provides Penetration testing and Vulnerability Analysis support to a cabinet level federal agency. Contributes to a team of information assurance professionals working to improve technical security posture. Duties include writing reports, briefing event details to leadership, and coordinating remediation with personnel throughout the globe.Must possess six (6) years of substantive IT knowledge and demonstrate hands-on expertise and/or training in areas of emerging technologies. The candidate must have hands-on experience and expertise with ethical hacking, firewall and intrusion detection/prevention technologies, secure coding practices and threat modeling. Be a selfstarter with, keen analytical skills, curiosity, agility, and adaptability. The ability to work quickly, willingness to work on ad hoc assignments, work independently as needed, strong written and verbal communication skills, and recognizing the importance of being a team player. In addition the candidate must possess the following skill set:

          • Able to conduct Penetration Tests and Vulnerability Analysis using Automated and Manual TTPs.
          • Have an understanding of common Web Application vulnerabilities like SQLi, XSS, CSRF, and HTTP Flooding.
          • Must be able to use at least two of the following proficiently and instruct others on them:
          • Nessus, Burp, Metasploit Framework/Pro, and the Social Engineering Toolkit.
          • Must have solid working experience and knowledge of Windows and Unix/Linux operating system
          • Firm understanding of network and system architecture and analysis. Fundamentals of network routing & switching, assessing network device configurations, and operating systems (Windows/nix) • Scripting (Windows/nix), Bash, Python, Perl or Ruby, Systems Programming
          • Strong familiarity with at least one of the following: OWASP top 10, PTES and NSA Vulnerability and Penetration Testing Standards.
          • Must be able to work alone or in a small group
          Daily Responsibilities
          • Performs Penetration Tests and Vulnerability Analysis on web and other applications, network infrastructure and operating system infrastructures.
          • Briefs executive summary and findings to stakeholders to include Sr. Leadership
          • Have an understanding of how to create unique exploit code, bypass AV and mimic adversarial threats.
          • Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
          • Helps customer perform analysis and mitigation of security vulnerabilities.
          • Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding and network security and encryption.
          • Provide support to incident response teams through capability enhancement and reporting.

          Mentor Jr and Mid staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis.Preferred but not absolutely required:

          • OSCP, GIAC GPEN, GWAPT or other Penetration Testing certifications
          • CISSP
          • Certified Ethical Hacker

          Apply Now

            M&E Specialist

            Requirements

            Job Description

            Full-time mid-level M&E Specialist to provide on-site client support to NEA/AC’s M&E unit.

            Overview

            The Bureau of Near Eastern Affairs’ Assistance Coordination Office (NEA/AC) oversees more than $200 million in foreign assistance funding throughout the Middle East. NEA/AC manages a range of programs, including the Middle East Partnership Initiative (MEPI), Syria, Near East Regional Democracy, Iraq, and the Trans-Saharan Counterterrorism Program (TSCTP).
            In support of NEA/AC programming, Pillar Systems holds a three-year contract to provide evaluation services support by conducting a range of evaluations to determine the effectiveness of NEA/AC programs, systems, and funded grants implemented by local partners. Pillar Systems has completed evaluations of MEPI’s exchanges programming, the Near East Regional Democracy’s use of mobile communications technology, MEPI’s democracy and governance portfolio, and is currently implementing an evaluation of Syria Civil Society programming. This is in addition to providing a team of both on-site and off-site M&E experts to provide routine evaluation assistance.

            Roles and Responsibilities

            Duties include assisting with reporting and data analysis efforts, providing management and support of NEA/AC’s online Performance Reporting System (ACPRS), as well as conducting up to 5 annual independent evaluations and 3 internal reviews (as needed) of current foreign assistance programming. The M&E Specialist will also provide additional analytical products on best practices, known methodologies, and current data and methodological trends on development and countries in the region.

            Qualifications and Education Requirement
            • At least 3 years’ experience in the monitoring and evaluation of United States Government (USG)
            • funded programs in the international development arena, particularly of grant funded projects
            • Masters degree in sociology, social sciences, etc.
            • Demonstrated knowledge of current social science, evaluation and analytical tools and methods required
            • Strong analytical skills, organizational skills, detail orientation, and timeliness of performance
            • Demonstrated excellence in written and verbal communication, and interpersonal skills
            • Proficient in Excel and working with pivot tables
            • Proficient in translating data into compelling visualizations
            • Understanding of data quality standards and methodologies
            • Familiarity with social media metrics and dashboards
            • Experience working on projects in the Middle East and North Africa
            • Active Secret Security Clearance

            Apply Now

              Blog Post Title

              What goes into a blog post? Helpful, industry-specific content that: 1) gives readers a useful takeaway, and 2) shows you’re an industry expert.

              Use your company’s blog posts to opine on current industry topics, humanize your company, and show how your products and services can help people.