Security Engineer
Job Title: Senior Security Engineer
Clearance: Secret
Location: Springfield, VA
The Security Engineering Team (SET) is required to provide network maintenance and special projects engineering support. The SET maintains, configures, and installs all supported hardware and software residing within the Enterprise Analysis System (EAS) and provides support for all Focused Operations (FO) engineering special projects. This team performs engineering and system administration services on all FO systems, whether located on premises, in the cloud, or in wireless environments. These systems include threat emulation, custom big data analytics, and open-source and commercial/government off-the-shelf (COTS/GOTS) tools, as listed below:
· Cyber Threat Detection Tools
· Case Tracking Tools - JIRA, Confluence
· Enterprise Tactical Operations Tool
· eDiscovery and Forensics Tools - EnCase, FTK, Nuix
· Hunting and Threat Emulation Tools - analyst VMs
· Focused Operations Networks - Palo Alto firewalls, Dell switches
· Threat Detection Tools - McAfee ePO, DTEX
· Other FO Development Projects (As Assigned)
In support of EAS the SET will perform the following tasks:
· Implement automation and orchestration capabilities within the FO environment.
· Design and develop documentation for on-premises and cloud-based solutions provided. Documentation includes standard operating procedures (SOPs), technical documentation, diagrams, etc.
· Provide support for TSA PKI functions, including system administration support for requesting, installing, and configuring certificates on systems.
· Provide analysis related to the design, development, security, and integration of hardware/software interfaces and all system-level requirements needed to deliver an integrated IT solution.
· Perform health and wellness monitoring of the FO FISMA Systems.
· Perform administration, maintenance, and updates of forensic applications to ensure they remain functional. Updates to applications and systems shall be carefully planned and scheduled so as not to affect any ongoing or active investigations.
· Review the health of all security technologies within the FO FISMA Systems, including firewall, router, VPN, IDS sensor, proxy, wireless, PKI, and switch changes. The results shall be captured and reported in the monthly Focused Operations Network Health and Wellness Report deliverable.
· Travel to locations where EAS devices are located for system administration and/or repair if needed.
· Ensure that all changes required follow the proper Request for Change (RFC) process, have been approved through the appropriate Change Control Board (CCB) and are properly tested before deployment to the production FO FISMA Systems.
· Recommend and implement technologies/changes that will enhance the operations and/or security of the FO FISMA Systems.
· Document all recommendations and changes and provide them to the FO Branch Manager or their designee.
· Ensure that all TSA change control processes are followed, and all changes are approved prior to implementation.
· Coordinate with other TSA offices to have FO technologies implemented within the TSA Systems.
· Create and deliver monthly Security and Vulnerability Status reports covering all managed systems.
· Administer, review, and provide recommendations for the hardware and software (Windows, Macintosh, and UNIX/Linux based) of the FO FISMA Systems, including laptops, desktops, PDAs, printers, mobile computing devices, mobile electronic media, Active Directory servers, member servers, other workgroup servers outside the main Active Directory realm, and other technology devices such as forensic write blockers and imaging equipment.
· Assist in the management of all Operating Systems, tools and applications utilized by IAD Security Engineers, as needed.
· Develop integrated system test requirements and strategies for devices and systems.
· Conduct overall system-level testing and security testing.
· Design and integrate information security suites, tools, and capabilities into delivered solutions in line with federal and commercial security best practices.
Daily Responsibilities:
· Update tickets in JIRA
· Check the ePO server to verify there are no issues and that antivirus definitions are current
· Keep the WSUS server up to date, including approving/declining patches and performing database maintenance
· Ensure all equipment is functioning as necessary
· Ensure backups are completed and successful
· Attend all meetings scheduled and provide necessary feedback to the team
· Review logs for anomalies
· Remediate or mitigate all identified security issues
· Update or create documentation as needed
· Ensure that all OLC training is completed
· Provide input to ISVMs and other requests from the ISSO
· Assist other teams with requirements or issues they may be having
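As an added illustration of the WSUS daily task above (this is an editor's example, not a script from the posting or from TSA), the following PowerShell performs the routine approve/decline and cleanup pass using the UpdateServices module that ships with the WSUS role. The target group name "Pilot" and the seven-day staging window are assumptions chosen for the example; an operator would substitute the group names and approval policy defined in the environment's SOP. Run it on the WSUS server itself from an elevated PowerShell session.

```powershell
# Added example (not from the posting): daily WSUS hygiene pass.
# Assumes the UpdateServices module is present (installed with the WSUS role)
# and that a computer target group named "Pilot" exists (assumed name).
Import-Module UpdateServices

$wsus        = Get-WsusServer          # connects to the local WSUS instance on the default port
$pilotGroup  = 'Pilot'                 # assumed target group for first-wave deployment
$stagingDays = 7                       # assumed window: only auto-approve updates at least this old

# 1. Decline superseded and expired updates so clients stop evaluating them and
#    the approval list stays short. Both properties come from the underlying IUpdate object.
$stale = Get-WsusUpdate -UpdateServer $wsus -Classification All -Approval AnyExceptDeclined -Status Any |
    Where-Object { $_.Update.IsSuperseded -or $_.Update.PublicationState -eq 'Expired' }
$stale | Deny-WsusUpdate
Write-Host ("Declined {0} superseded/expired updates" -f @($stale).Count)

# 2. Approve unapproved security updates that have been published for at least the
#    staging window, but only to the pilot group. Promotion to production is a separate,
#    CCB-approved step in this environment, so it is deliberately not automated here.
$cutoff = (Get-Date).AddDays(-$stagingDays)
$candidates = Get-WsusUpdate -UpdateServer $wsus -Classification Security -Approval Unapproved -Status Any |
    Where-Object { -not $_.Update.IsSuperseded -and $_.Update.CreationDate -lt $cutoff }
foreach ($u in $candidates) {
    Approve-WsusUpdate -Update $u -Action Install -TargetGroupName $pilotGroup
    Write-Host ("Approved for {0}: {1}" -f $pilotGroup, $u.Update.Title)
}

# 3. Report what still needs attention: approved updates that clients report as failed.
#    These feed the daily ticket updates rather than being acted on automatically.
Get-WsusUpdate -UpdateServer $wsus -Classification All -Approval Approved -Status Failed |
    Select-Object @{n='Title';e={$_.Update.Title}}, ComputersWithErrors, ComputersNeedingThisUpdate |
    Format-Table -AutoSize

# 4. Database/content maintenance: remove obsolete updates, unneeded content files,
#    and computers that have not reported in, and compress update revisions.
Invoke-WsusServerCleanup -UpdateServer $wsus `
    -CleanupObsoleteUpdates `
    -CleanupUnneededContentFiles `
    -CompressUpdates `
    -DeclineSupersededUpdates `
    -DeclineExpiredUpdates `
    -CleanupObsoleteComputers
```

Step 4 covers the cleanup wizard's work; the SUSDB index maintenance that Microsoft publishes as a separate T-SQL script is not reproduced here and would be scheduled alongside it. Because step 2 writes approvals, it should be run first against a non-production WSUS or with the approval loop commented out, and its output should be attached to the corresponding change ticket per the RFC process the posting describes.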
Required Qualifications:
· At least 5 years of experience.
· Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering.
· Currently cleared to the SECRET level, preferably with a DHS-agency EOD.
· Experience administering hardware, software, operating systems, and application components of various isolated network environments. These components include Windows workstations/servers, Linux/Unix servers, Mac OS X, Dell hardware, and AccessData and Guidance Software products.
· Strong background in network engineering and systems administration, with the ability to maintain systems against a 99% uptime requirement (including on-call and weekend support if required).
· Experience developing network architectures, diagrams, and security plans, and supporting information assurance.
· Troubleshoot problems and provide customer support for operating system, middleware, and application issues.
· Minimum 5 years of experience with network systems engineering, systems development, and security engineering.
· Design and stand up security tools, components, applications, and servers that meet production specifications and project schedules.
· Experience with the configuration and installation of big data analytics solutions, dynamic/static malware analysis systems, enterprise honeynet technologies, and network/host-based security applications and appliances.
· Participate in large system and subsystem planning and integration projects.
· Write and update technical documentation such as user manuals, system documentation, and training materials.
Desired Qualifications:
· Lifecycle engineering experience with commonly used security tools (e.g. Elastic/ELK, Splunk, Archer, Cisco, BlueCoat, Linux, HBSS, McAfee, Tanium, Nessus).