Job Role: Senior Security Engineer

Location: Washington, DC

*** Public Trust Required***

Role Description: The Senior Cybersecurity Engineer is required to have the experience to work closely with other Bureau T&I functions to understand the vision and direction of the information technology program, and can decompose this architecture, and associated use cases, into discrete components that can be addressed from a cybersecurity engineering standpoint. Individuals must be able to understand proposed, and in-place, architectures at a level that enables the identification and understanding of possible security risks, and propose solutions for risk mitigation. From a technical standpoint, individuals should understand:

• Security Baselines (e.g. STIG, CIS, USGCB)


• Zero Trust architecture


• Unified Endpoint Management (e.g. Workspace One)


• Cloud Access Security Brokers (CASB)


• Cloud models (e.g., IaaS, PaaS, SaaS)


• Trusted Internet Connection (TIC)


• Virtual Private Network (VPN)


• Orchestration (e.g. Mesosphere, Kubernets)


• Containerization (e.g docker)


• Enterprise Architecture (e.g. TOGAF, DoDAF)


• Identity and Access Management (e.g. Okta, Sailpoint)

Skills:

• Federal Info Security Mgmt Act (FISMA)


• Individuals must possess hands on experience working with the NIST 800 Special Publication series guidance related to risk management and security control implementation. These may include, but are not limited to: 800-30, 800-37, 800-53, 800-60, 800-63, 800-115, and 800-137.


• Bachelor’s degree in Computer Science or other engineering discipline is required.

Desired Skills:

Individuals must have the ability to take general security configuration baselines (e.g., DISA STIGs, CIS Benchmarks, etc.) and develop customized baselines to meet the agency needs. Furthermore, the individual must be able to translate the low-level security baseline requirements into high-level FISMA/NIST requirements and agency-specific security policy.

A working understanding of the National Vulnerability Database (NVD) and/or Common Vulnerability Enumeration (CVE) is also expected.

Individuals with technical certification preferred (e.g., CCNA, MSCE (Server), RHCSA, EBSA, or ECSS)

Prior hands on experience across a wide-array of technical platforms is necessary, and direct hands on experience is preferred.

Technologies may include, but are not limited to:

• Networking (e.g. Cisco, Juniper, Palo Alto)


• Operating system (e.g. Windows Server, Redhat Linux)


• Cloud (e.g AWS, Azure, Salesforce, Okta, O365, ServiceNow)


• Mobile technologies (e.g iOS, Xen Mobile)