Job Descrption
Position Summary
Effectual Systems Security Engineer, Senior are members of the Public Sector Program Management team responsible for ensuring that customer-facing projects are delivered with customer satisfaction. Effectual Systems Security Engineer, Senior are “Brand Ambassadors” and are expected to stay current on leading practices to deliver high-quality, well-conceived solutions to customers.
A Glimpse into the Daily Routine of a Senior Security Engineer
Lead and perform Information Technology Security Services including Security Assessment and Authorization (SA&A), Vulnerability Management, Diagnostics and Mitigation, and Project Management initiatives. Collaborate with teams, external agencies, internal customer teams to maintain a compliant security posture. Provide expert guidance on security and compliance considerations specific to the agency. Respond to security incidents, handle forensics, and enforce compliance with security policies. Collaborate with teams, troubleshoot security issues, and document all activities and findings. Report to higher-ups and maintain a proactive stance to promptly address any unforeseen incidents. Stay updated on emerging security and industry best practices.
Responsibilities
- Works with the ISSO to respond to agency’s Information Security data calls, inquiries, and surveys. Provide proactive communications to agency IT Management or Information Security Program regarding status, issues, or questions
- Participate in and provide notes (if needed) regarding agency OCIO and Security meetings, workgroups, or training events as applicable
- Collaborate with the agency ISSO to provide progress and update reports (weekly, monthly, data calls) includes managing all activities performed or lead by the contractor
- Experience working in IT operations, system administration, applications development, change, and configuration management including asset tracking, backup technologies, and other maintenance procedures
Security Assessment and Authorization (SA&A) Specific Responsibilities:
- Has strong analytical, task management, time management, and communication skills necessary for handling SA&A initiatives, tasks and deadlines affecting the agency environment. Analyze, correlate, and present agency SA&A data from the agency SA&A tools
- Use and build upon existing agency ATO data stored in the agency specific tool to accommodate evolution observing the latest guidance provided by NIST and the agency’s Information Security Program
- Work with the agency’s ISSO to perform and help accomplish scheduled SA&A activities or the development of associated documentation
- Work, collaborates, supports, and assists other agency staff (internal system owners, developers, administrators, and engineers) or external contractor staff (contractor-hosted systems) with the development of their SA&A package documentation and review and revise said documentation for accuracy and quality. Conducting interviews, site walk-throughs, and assessment of security. Documentation activities include - updates to system operation manuals, updates to system inventory lists, evaluation of system status using the agency’s vulnerability management tools, updates to SOPs, creation of forms to support SOPs, and other varied documentation
- Ensure all packages are uploaded to the agency system within the deadlines and timeframes set by the agency. Work and collaborate with the agency’s Information Security Program as they review the agency SA&A packages. Work with the agency staff or external contractor staff to revise documentation,
- Review monthly vulnerability reports provided by external contractor staff for the agency contractor-hosted systems. Work with the contractor staff by monitoring the remediation of critical, high, and medium findings within the agreed-upon timeframe
- Technical writing skills experience writing Contingency Plans, Security Plans, Privacy Impact Assessments, Security Test and Evaluation/Security Control Assessment Plans and report, POA&Ms and analysis and preparation of implementation strategies for new initiatives as introduced by the agency’s Information Security Program
Vulnerability Management Specific Responsibilities:
- Have strong analytical, task management, time management, and communication skills necessary for handling Vulnerability Management initiatives, tasks and deadlines affecting the agency’s environment. Analyze, correlate, and present agency vulnerability data from a variety of agency-hosted tools including the analysis of multilevel security risks and problems and compensating controls to the agency’s IT management and staff
- Work and collaborate with developers, engineers, administrators, and Service Desk technicians to implement security controls necessary to ensure confidentiality, integrity, and availability of information and compliance with agency’s configuration management standards across Linux, Macintosh, and Windows systems
- Collaborate with developers, system owners, system administrators and IT management (both internal and external) in researching vulnerabilities, communicating the details to these partners and IT management, developing action plans, following up and closing out all vulnerabilities by the required agency target or mandated deadlines
- Demonstrate the ability to design, engineer, integrate, configure, and implement system security solutions to provide configuration management for multiple operating systems and varied applications. Work with IT staff to be creative when it becomes necessary to tailor configurations and create/document baseline or custom configurations
- Technical writing skills experience writing SOPs, POA&Ms, policy, mandates, guidance, change management request, business cases, security incident reports, risk waivers, remediation action plans and other SA&A-required documentation
Qualifications
- Minimum Education: Bachelor’s degree in related discipline AND
- Minimum Experience: 4 years’ networking experience preferably specialized cloud technologies OR
- Substitution/Alternative to Minimum Education and Experience: Must have at least 12 years of on-the-job experience
- Security Certifications – CISSP or equivalent
- Must be a US Citizen
- Be able to pass a federal government background investigation
- Must be able to obtain Public Trust Level 5
- Must be able to work on-site (Bethesda, MD) minimum 1 day a week and more as needed by the customer
- Must be able to attend and participate in Security seminars, summits, and/or events
- Deep hands-on experience in Security Assessment & Authorization (SA&A) and Continuous Diagnostics and Mitigation (CDM) initiatives
- Experience in security advisory including security trends, tools, and best practices
- Knowledge of and experience with Tenable Nessus
- Experience with Microsoft Office (Excel, Word, PowerPoint)
- Experience documenting technical requirements
- Proficient at multi-tasking and proactive in work responsibilities
- Superior attention to detail
- Must have strong written and verbal communication skills
- Have IT Management skills
- Work with multiple clients, in parallel
- Work Eastern Standard Time Zone schedule
- Passion for providing great customer service
- Passion for upskilling, certifications, keeping abreast of latest security trends and best practices
Location: Hybrid
Salary Range: $121,000-$148,000
"Salary ranges provided are for informational purposes only and may vary depending on factors such as experience, qualifications, and geographic location. The final salary offer will be determined based on your skills and alignment with the role requirements."
Travel Requirements
The travel requirements for this position may vary depending on our needs. You should be prepared to travel domestically as necessary. Travel frequency and duration will be communicated in advance, allowing for proper planning and coordination. Typically, travel may include attending conferences, client meetings, training sessions, and other business-related events. The ability to travel is essential for fulfilling the responsibilities of this role and supporting our organization's goals and objectives.
Company Offered Benefits
Full-time employees are eligible to participate in our employee benefit programs:
- Medical, dental, and vision health insurances,
- Short term disability, long term disability and life insurances,
- 401k with Company match
- Paid time off (PTO) (120 hours PTO that accrue over one year)
- Paid time off for major holidays (14 days per year)
- These and any other employee benefit offerings are subject to management's discretion and may change at any time.
PHYSICAL DEMANDS AND WORK ENVIRONMENT
The work is generally performed in an office environment. Physical demands include sitting, keyboarding, verbal communication, written communication. Employees are occasionally required to stand; walk; reach with hands and arms; climb or balance; and stoop, kneel, crouch, or crawl. The physical demands described here are representative of those that must be met by an employee to perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions.
This job description may not be inclusive of all assigned duties, responsibilities, or aspects of the job described, and may be amended anytime at the sole discretion of the Employer. Duties and responsibilities are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. This document does not create an employment contract, implied or otherwise, other than an “at will” relationship. Effectual Inc. is an EEO employer and does not discriminate on the basis of any protected classification in its hiring, promoting, or any other job-related opportunity.
Your CV has been submitted successfully.