ECS is seeking a Security Engineer to work in our Washington D.C. office.
The Security Engineer will specialize in the Risk Management Framework and System Authority to Operate. The role will provide guidance in the implementation of system specific features and security controls to ensure a healthy security posture and effective compliance with federal requirements.
The Security Engineer should have experience with working in a highly technical environment, be well versed in the current state of Information Security, and be able to interpret security requirements of relevant governing bodies (NIST, OMB, DHS, etc.) This person will interface with federal employees and contractors to perform required support activities.
Responsibilities will include:
- Assess how a new technology impacts the security posture of the Enterprise
- Enforce policies and guidelines as outlined within NIST SP 800-53, DHS 4300A, DHS 4300B Sensitive Systems Policy
- Provide guidance in the implementation of system specific features and security controls to ensure effective compliance with federal requirements
- Promote a healthy security posture for the implementation team and key stakeholders
- Provide IT security consultation to system owners on security incident reports, equipment/software inventories, technical vulnerability reports, and contingency plans
- Perform the necessary review, analysis, and reporting of key system attributes, weaknesses, and changes to the Information Systems Security Manager, System Owner, and Department Risk Management body to support the Continuous Monitoring of supported systems
- Initiate, track, and manage the creation, opening, and closure of weaknesses via Department prescribed Plan of Action & Milestone (POAM) processes and procedures
- Effectively communicate the risk and security posture to the Information Systems Security Manager, System Owner, Key Stakeholders, and consumers of security controls within your purview
- Report IT security incidents in accordance with established policies and procedures
- Understanding of security Frameworks - Zero Trust security framework knowledge is a plus
Experience with working in a highly technical environment, be well versed in the current state of Information Security, and be able to interpret security requirements of relevant governing bodies (NIST, OMB, DHS, etc.) The SE will interface with federal employees and contractors to perform required support activities. Required Skills:
- Must be a US Citizen
- Bachelor's Degree in an IT related field
- Must be able to obtain a Public Trust Clearance
- Minimum of seven (7) years' experience in application security engineering support.
- Security Certification: CISSP
- Knowledge of Federal Government Authorization processes (NIST 800-53, DHS 4300A, DIACAP).
- Technical Certification (one or more of the following), AWS, Azure, CCNP, MCSE
- Understanding of the DHS security engineering experience.
- Certifications and direct applicable experience in CEH, Amazon, Microsoft, Linux and Cloud.
- Direct government experience engineering and integrating secure solutions in cloud, data centers, networks, applications using Linux, windows, identity solutions, databases, firewalls, and networks appliances.
- Experience with Information Assurance Compliance tools (XACT, TAF, etc.)
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.