Cyber Security InfoSec Engineer – Chantilly, VA
Referral bonus:
- Even if you do not work for Talos Consulting, we will pay you $10,000 for any referral we hire!
Clearance requirement:
- Active TS/SCI clearance with polygraph
Salary:
- $160,000-$245,000/year
Job Description
Leidos is seeking an Information Systems Security Engineer (ISSE) for a technical development program supporting cloud-based applications, and its associated cloud infrastructure located on a highly secure network. The ISSE will work with a large team of developers, system engineers, DevOps engineers, database administrators, and system architects.
Core business hours for the team are from 9 AM to 3 PM daily – exceptions outside of those hours for the candidate may be negotiated in consultation with management.
The typical day for an ISSE supporting the cloud-based applications is as follows:
· The ISSE will participate in the team’s regularly scheduled Agile tag up (scrum) meetings and report on the status of their assigned Jira issues
· Attend ad-hoc TEMs with the team to discuss and weigh in on numerous architectural aspects of the systems for assessing security impacts that may arise with system changes
· Assist with and/or lead security scans of the systems and report and analyze findings for impacts
· Review any security findings (CVEs) as noted by outside entities for system impact analysis and how best to proceed with addressing them
· Participate in team TEMs and review future system changes/new features for security impacts
Primary Responsibilities
· Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
· Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines
· Participate in creating secure architectures and designs
· Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
· Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements
· Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts
· Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
· Performing vulnerability scanning and analysis of the system
· Perform remediation and develop security implementations based on security findings
· Interface with Information System Security Managers (ISSM) to develop and accredit the system
· Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief management
Required Qualifications
· Experience level: 6-10 years (senior)
· Active TS/SCI with Polygraph
· Typically requires a Bachelor of Science (BS) degree, or relevant demonstrable experience
· Other qualifications:
o Hands on experience with Linux (CLI)
o Hands on experience with scripting and programming languages like BASH and Python
o Solid understanding of, experience with networking (e.g., ports, routing tables, subnets, VPNs, firewalls, routers, etc.) to include design, integration and troubleshooting issues
o Experience in working on teams utilizing Agile workflows and processes
o Strong understanding of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and Common Vulnerabilities and Exposures (CVEs)
o Experience with RMF workflow tools
o Strong communication, organizational, and writing skills
§ Must be able to clearly and directly articulate their findings and recommendations.
§ Must be open minded to considering alternative approaches to possible security issues noted by other team members
Desired Qualifications
· Relevant IT certifications (e.g., CISSP, AWS Cloud Practitioner, AWS Cloud Security, AI security, etc.)
· Experience working with Infrastructure as Code (IaC) solutions such as Ansible / Terraform, or other configuration and automation tools
· Experience in working in a cloud-based environment (AWS)