Senior Security Engineer

Baltimore, MD - USA

Monthly Salary: Not Disclosed

Posted on: 11 hours ago

Vacancies: 1 Vacancy

Job Summary

ASSYST is seeking a Senior Security Engineer to support our client in Baltimore Maryland

The Senior Security Engineer will play a critical role in safeguarding mission-critical systems including the Maryland Health Benefit Exchange (MHBE) and ancillary platforms. This position requires deep expertise in cloud security Identity and Access Management (IAM) incident response and compliance frameworks. The specialist will collaborate with DevOps developers and stakeholders to ensure secure reliable and compliant operations across AWS Azure and hybrid environments.

Job Location: Baltimore Maryland (Hybrid)

Responsibilities:

Develop and implement cloud security controls cloud-based processes and tools and cloud security task automation.
Perform security assessments working closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure and finding solutions to provide required functionality securely.
Continuously monitor the Health Benefit Exchange (HBX) and ancillary systems not limited to cloud security operations responding to security issues and escalating as necessary.
Conduct security impact analysis of controls on proposed system changes.
Conduct cloud security assessments and Penetration testing.
Perform Incident Response and Forensics evaluation using security information and event management (SIEM) tools.
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
Review and update systems security documentation and artifacts such as Systems Security Plan Information Security Risk Assessment Privacy Impact Assessment Systems Security Report Correction Action Plan Plan of Action & Milestones (POA& M).
Create and track POA & M requirements for resolving security findings.
Administer cloud-based and physical firewalls.
Deploy and administer Identity and Access Management products in various operating systems.
Perform monitoring and operations of Identity and Access Management implementation.
Design enhancements in Identity and Access Management products ForgeRock and SailPoint.
Maintain monitor and provide operational support for IAM products computer programs systems and other security technologies and revise system design and quality standards.
Make changes to IAM and underline applications for enhancing enterprise security and ensure safe and secure operation to enable access to our systems for our employees contractors consumers and stakeholders.
Perform Security Incident Response and Forensics evaluation using security information and event management (SIEM) tools.
Provide operational support for other security technologies.
Perform account/access management with IAM and other security tools.
Adhere to all security change control and methodologies.

Requirements:

Certifications:
Possess one or more security certifications such as CISSP ISO CSA STAR Cloud Security Advisor CCSE QCS CNA VCP or equivalent.

A minimum of eight (8) years of experience analyzing defining deploying monitoring and administering security requirements and controls for large and mission-critical IT systems.
A minimum of five (5) years performing day-to-day security operations functions including administration troubleshooting and resolution of various security components.
A minimum of four (4) years of hands-on experience in performing cloud security functions.
A minimum of four (4) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of four (4) years of demonstrated production experience using AWS Cloud supporting security operations.
A minimum of four (4) years of experience with administering security for Windows and Linux operating systems.
Experience in performing Security Incident Response and Forensics evaluation with SIEM tools.
Working knowledge of AWS security features such as Security Groups Network Access Control List Firewall WAF Guard Duty Macie CloudTrail CloudWatch Control Tower etc.
Experience with assessment and evaluation of information systems to recommend changes and mitigate threats risks and vulnerabilities.
Demonstrated ability to perform scheduled maintenance activities such as patching performance tuning and backups.
Demonstrated ability to perform user provisioning and de-provisioning activities.
Experience in monitoring the security infrastructure for operational effectiveness.

Preferred Skills:

A minimum of five (5) years of experience implementing administering and monitoring Security Controls and Governance for public-facing complex IT systems.
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications evaluating approved security product capabilities and developing solutions to multilevel security problems.
A minimum of five (5) years of hands-on experience providing operational support for ForgeRock and SailPoint IAM products.
A minimum of five (5) years of experience with the assessment and evaluation of information systems to recommend changes and mitigate threats risks and vulnerabilities.
A minimum of five (5) years of experience conducting Incident Response testing to evaluate processes for detection response and reporting of security incidents.
A minimum of three (3) years of hands-on experience designing developing deploying and administering security policies for health insurance marketplaces or complex health and human services systems.
Experience configuring ForgeRock to enable single sign-on with different applications and implementing password sync across all internal applications.
Experience with configuration and administration of SailPoint and performing tasks such as designing an organizational tree structure and creating provisioning and de-provisioning policies.
Experience implementing ID policies password policies access control lists (ACL) reconciliation service definition the configuration of remote resources workflows password synchronization reconciliation schedules and life cycle management.
Experience in providing detailed configuration and administration for programs such as ACL configuration Group Management and configuration management.
Hands-on experience with troubleshooting investigating operational problems and providing workarounds resolutions and remediations.
Experience working with the Project Management Office (PMO) processes policies and procedures.
Experience developing IT Security roadmaps and execution plans.
Demonstrated technical knowledge of command line utilities running on various platforms including Linux and MS Windows.
Experience with implementation of integration solutions between IAM system and user account repositories such as Active Directory LDAP and Databases.
Experience with Java JavaScript and shell scripts.
Experience assisting organizations meeting NIST SP 800-37 NIST 800-53 IRS
Publication 1075 and MARS-e 2.0 requirements.
Experience with conducting vulnerability management and penetration testing efforts.
Experience in configuring and reviewing ASA and/or Fortinet firewalls.

ASSYST is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race color religion sex age disability military status national origin or any other characteristic protected under federal state or applicable local law

Required Experience:

Senior IC

ASSYST is seeking a Senior Security Engineer to support our client in Baltimore MarylandThe Senior Security Engineer will play a critical role in safeguarding mission-critical systems including the Maryland Health Benefit Exchange (MHBE) and ancillary platforms. This position requires deep expertise...

Develop and implement cloud security controls cloud-based processes and tools and cloud security task automation.
Perform security assessments working closely with DevOps and Developer teams on identifying security and privacy issues in AWS or Azure and finding solutions to provide required functionality securely.
Continuously monitor the Health Benefit Exchange (HBX) and ancillary systems not limited to cloud security operations responding to security issues and escalating as necessary.
Conduct security impact analysis of controls on proposed system changes.
Conduct cloud security assessments and Penetration testing.
Perform Incident Response and Forensics evaluation using security information and event management (SIEM) tools.
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
Review and update systems security documentation and artifacts such as Systems Security Plan Information Security Risk Assessment Privacy Impact Assessment Systems Security Report Correction Action Plan Plan of Action & Milestones (POA& M).
Create and track POA & M requirements for resolving security findings.
Administer cloud-based and physical firewalls.
Deploy and administer Identity and Access Management products in various operating systems.
Perform monitoring and operations of Identity and Access Management implementation.
Design enhancements in Identity and Access Management products ForgeRock and SailPoint.
Maintain monitor and provide operational support for IAM products computer programs systems and other security technologies and revise system design and quality standards.
Make changes to IAM and underline applications for enhancing enterprise security and ensure safe and secure operation to enable access to our systems for our employees contractors consumers and stakeholders.
Perform Security Incident Response and Forensics evaluation using security information and event management (SIEM) tools.
Provide operational support for other security technologies.
Perform account/access management with IAM and other security tools.
Adhere to all security change control and methodologies.

Requirements:

Certifications:
Possess one or more security certifications such as CISSP ISO CSA STAR Cloud Security Advisor CCSE QCS CNA VCP or equivalent.

A minimum of eight (8) years of experience analyzing defining deploying monitoring and administering security requirements and controls for large and mission-critical IT systems.
A minimum of five (5) years performing day-to-day security operations functions including administration troubleshooting and resolution of various security components.
A minimum of four (4) years of hands-on experience in performing cloud security functions.
A minimum of four (4) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of four (4) years of demonstrated production experience using AWS Cloud supporting security operations.
A minimum of four (4) years of experience with administering security for Windows and Linux operating systems.
Experience in performing Security Incident Response and Forensics evaluation with SIEM tools.
Working knowledge of AWS security features such as Security Groups Network Access Control List Firewall WAF Guard Duty Macie CloudTrail CloudWatch Control Tower etc.
Experience with assessment and evaluation of information systems to recommend changes and mitigate threats risks and vulnerabilities.
Demonstrated ability to perform scheduled maintenance activities such as patching performance tuning and backups.
Demonstrated ability to perform user provisioning and de-provisioning activities.
Experience in monitoring the security infrastructure for operational effectiveness.

Preferred Skills:

A minimum of five (5) years of experience implementing administering and monitoring Security Controls and Governance for public-facing complex IT systems.
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications evaluating approved security product capabilities and developing solutions to multilevel security problems.
A minimum of five (5) years of hands-on experience providing operational support for ForgeRock and SailPoint IAM products.
A minimum of five (5) years of experience with the assessment and evaluation of information systems to recommend changes and mitigate threats risks and vulnerabilities.
A minimum of five (5) years of experience conducting Incident Response testing to evaluate processes for detection response and reporting of security incidents.
A minimum of three (3) years of hands-on experience designing developing deploying and administering security policies for health insurance marketplaces or complex health and human services systems.
Experience configuring ForgeRock to enable single sign-on with different applications and implementing password sync across all internal applications.
Experience with configuration and administration of SailPoint and performing tasks such as designing an organizational tree structure and creating provisioning and de-provisioning policies.
Experience implementing ID policies password policies access control lists (ACL) reconciliation service definition the configuration of remote resources workflows password synchronization reconciliation schedules and life cycle management.
Experience in providing detailed configuration and administration for programs such as ACL configuration Group Management and configuration management.
Hands-on experience with troubleshooting investigating operational problems and providing workarounds resolutions and remediations.
Experience working with the Project Management Office (PMO) processes policies and procedures.
Experience developing IT Security roadmaps and execution plans.
Demonstrated technical knowledge of command line utilities running on various platforms including Linux and MS Windows.
Experience with implementation of integration solutions between IAM system and user account repositories such as Active Directory LDAP and Databases.
Experience with Java JavaScript and shell scripts.
Experience assisting organizations meeting NIST SP 800-37 NIST 800-53 IRS
Publication 1075 and MARS-e 2.0 requirements.
Experience with conducting vulnerability management and penetration testing efforts.
Experience in configuring and reviewing ASA and/or Fortinet firewalls.

Required Experience:

Senior IC

Key Skills

Car Driving
Access
CFA
Excel
Irrigation
Marine Services

Apply Now

About Company

ASSYST

Leading digital transformation specialists. Learn about AI program governance, cybersecurity solutions, and Assyst role in government's digital-first initiatives.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click