Senior Security Engineer
2050 M St NW Washington DC, DC 20036 US
Job Description
In this capacity, the Senior Security Engineer will:
- Identify and implement ways to harden systems and reduce the attack surface;
- Secures enterprise information by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures Engineer, implement, and monitor security measures for the protection of computer systems, network, and information;
- Integrate security tasks and activities into system development methodologies (e.g. planning, design, implementation, operations, maintenance, and disposal);
- Identify and verify security requirements are met throughout the process;
- Work closely cross functionally with IT and business teams in driving information security technology strategy; and
- Apply security architecture principles through the system development Lifecycle (SDLC).
Proficiencies:
- Consult on solution architecture for projects to ensure compliance with the security technical architecture;
- Prepare and document secure system development standard operating procedures and protocols;
- Drive and conduct system architectural reviews, secure design reviews, risk assessments and threat assessments;
- Perform vendor technical solution acceptance verification and validation;
- Provide guidance on how systems and endpoints are managed and hardened against security threats and vulnerabilities;
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;
- Assess gaps in existing policy and propose amendments to existing policy or new policy to address these gaps;
- Participate in the development and implementation of enterprise-level technical standards and procedural directives and other guidance materials;
- Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;
- Participates in the development, implementation and review of security controls for the systems under their purview;
- Coordinates with system owners to resolve security issues through system lifecycle; and
- Provides guidance and support to self-testing, security control assessment, preparation of remediation plans, and development of continuous monitoring plans.
Qualifications:
- Have minimum of ten (10 years of experience with cybersecurity or information assurance);
- BS degree in Computer Science or related field (required);
- Thorough understanding of the latest security principles, techniques, and protocols;
- Detailed technical knowledge of network, application, and/or operating system security;
- Hands on experience in security systems, including vulnerability management, identity and access management, security risk assessments, application testing, etc;
- Knowledge related to endpoint and mobile security;
- Strong, track record of implementing security architecture for complex solutions and ability to deliver results through partnering with stakeholders in IT and the business;
- Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management; and
- Experience with secure architecture principals, secure SDLC, security system integration and configurations, and troubleshooting.