The Enterprise & Mission Information Technology Group currently has an opening for a Senior Security Engineer to support a Department of State (DoS) Bureau of Information Resource Management (IRM) program. This program provides transparent, interconnected systems and security supporting the DoS in successfully carrying out its U.S. foreign policy mission. IRM provides enterprise architecture design, engineering, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department. Program is named Vanguard 2.2.1 and is an IT consolidation consisting of the Department's servers, mainframes, network devices, network perimeter, anti-virus engineering, public key infrastructure (PKI)/biometrics/encryption, monitoring tools, telephony, mobile computing platform, virtual environment, and enclave design/security engineering.
Description of Duties:
This role supports Security Engineering tasks with an emphasis in designing and implementing perimeter security solutions to meet business, security policy, technical, operational, and management requirements; using a defense-in-depth approach.
- Provide technical subject matter expert (SME) support for coordinating and developing agreements with common control providers, interfacing systems, and their users
- Analyze and provide recommendations for exceptions to enterprise security policy, including CVEs and security lockdown items
- Analyze and make recommendations to the Firewall Advisory Board (FAB)
- Create, test, and/or deploy security configurations for Microsoft Windows
- Gathering requirements, performing gap analysis, developing, and presenting potential solutions, and creating detailed design and implementation plans.
- Integrating security into the design and implementation process to conform to established State Department security standards, policies, and procedures.
- Reviewing evolving security requirements and policies and making recommendations for existing systems to ensure compliance.
- Identifying security architecture and implementation gaps, vulnerabilities, and risks; developing, testing, and implementing solutions to address the gaps, and new or updated requirements.
- Evaluating emerging technology (e.g., social media, mobile computing) and making recommendations.
- Supporting Assessment & Accreditation (A&A) as a security SME, to provide recommendations on meeting required controls.
- Bachelor’s degree in a technical or engineering related discipline, or equivalent experience; and 9+ years of relevant experience.
- Experience with A&A NIST SP 800-53 Rev 4 and CNSSi 1253 security controls, including overlays.
- Experience as a security engineer or systems engineer including systems architecture, requirements analysis, integration, and process execution and evaluation
- Extensive knowledge of network operations and security including but not limited to authentication and authorization solutions, next generation firewalls, antivirus, VPN, routers, ports, protocols and services, and application layer security.
- Experience with system development lifecycle, and early incorporation of security throughout the lifecycle.
- Technology certifications including, but not limited to:
- Cisco Certified Network Associated (CCNA) Security
- Cisco Certified Network Professional (CCNP)
- GIAC Certified Perimeter Protection Analyst (GPPA)
- Security-focused Cisco specialist (e.g., ASA, Cybersecurity, IOS Security)
- Palo Alto Certified Network Security Engineer
- Security certifications including, but not limited to:
- Certified Information Security Systems Professional (CISSP)
- Certified Information Security Manager (CISM)
- Project management experience (PMP is a plus)
- Understanding of, and experience with, the FEDRamp authorization process
- Knowledge of PowerShell, secure coding, application security, and ethical hacking.
- Experience using Xacta 360
- Working knowledge and understanding of Active Directory, System Center, and database management systems.
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), and Foreign Affairs Manuals (FAMs).