Lead Security Engineer - FCC
Lead Security Engineer - FCC
Posted on :
27-08-2025
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Monthly Salary
Not Disclosed
Salary Not Disclosed
Vacancy
1 Vacancy
Posted on :
27-08-2025
Job Description
cFocus Software seeks a Lead Security Engineer to join our program supporting the Federal Communications Commission (FCC). This position is remote
Qualifications:
Duties:
Qualifications:
- Bachelors degree in Information Technology Cybersecurity Computer Science Information Technologies or other related fields
- Top Secret Clearance
- Certified Information Systems Security Professional (CISSP) or Information Systems Security Engineering Professional (ISSEP) certifications required. and Microsoft Certified Cybersecurity Architect Expert
- 7 years of experience performing cyber infrastructure support activities in Enterprise Cybersecurity Support government contracts
- Core competencies in Cybersecurity Engineering practices
- Possess the knowledge skills tasks and capabilities described in the Work Role for Infrastructure Support (PD-WRL-004) as outlined in the NICE Work Role Framework
Duties:
- Support Identity Credential and Access Control Management
- Provide updates and reviews of the FCCs comprehensive Software Bill of Materials (SBOM) for all software components including all open-source third-party and proprietary software.
- Update the SBOM regularly to reflect any changes in the software components including patches updates and new integrations.
- Identify and document any known vulnerabilities associated with the components listed in the SBOM.
- Ensure that all software components comply with relevant security standards and regulations
- Perform static code analysis to identify potential security vulnerabilities coding errors and adherence to coding standards.
- Conduct dynamic code analysis to detect runtime vulnerabilities and ensure software behaves securely under various conditions
- Manually review source code to identify complex security issues that automated tools might miss.
- Provide detailed recommendations for fixing identified vulnerabilities and ensure the development team understands and implements these fixes.
- Maintain thorough documentation of the review process findings and remediation steps for future reference and audits
- Provide both internal and external security testing in which assessors mimic real-world attacks to identify methods for circumventing the security features of an application system and network
- Identify vulnerabilities and weaknesses within FCC systems determining exposure and complexity of exploits.
- Conduct penetration testing of the enterprise IT environment.
- Assess the effectiveness of security controls implemented to protect FCC systems in support of the Authorization Process and Security Impact Analysis through Change Management.
- Mimic attacks of threat actors are defined by the Cyber Threat Intelligence (CTI) Team to assess and improve IT system resilience SOC monitoring effectiveness and tuning security tools within the FCC.
- Perform ad hoc focused pen tests to validate the effectiveness of corrective actions to address identified weaknesses.
- Perform Penetration Testing Services for any internal or public websites and associated systems
- Develop and execute plans that include penetration testing of all OCIO systems.
- Validate remediations by re-testing all Critical and High findings identified through penetration testing.
- Perform network mapping and vulnerability scanning support phishing simulations report findings and make remediation recommendations.
- Develop a Quarterly Penetration Testing Schedule and Annual Internal Penetration Testing Standard Operating Procedures (SOP).
Required Experience:
Senior IC
Employment Type
Full-Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
