Senior Security Engineer

Senior Security Engineer

SUMMARY:

Zermount is looking for a talented Security Engineer who will provide technical hands-on services and compliance support to protect computer systems networks and other digital assets in various environments (on premises cloud and hybrid).

The candidate will work with a team of professionals to design and implement new security measures or update existing ones. This role blends security engineering Zero Trust implementation ATO automation and continuous monitoring optimization.

This will collaborate with collaborate with other Cybersecurity and IT professionals product teams Systems Owners and other stakeholders to strengthen security posture while enabling mission delivery.

DUTIES AND RESPONSIBILITIES:

• Support the implementation of continuous authorization (cATO) model within DevSecOps environments.
• Draft and refine technical SOPs supporting automated control validation
• Assist with the implementation configuration monitoring and reporting of capabilities required to meet the clients cTAO and A&A automation initiatives.
• Contribute to development of repeatable security processes aligned to NIST and agency guidance
• Assist in documenting remediation workflows and continuous monitoring procedures
• Provide technical input to improve efficiency of ATO and ConMon processes

• Develop and integrate with other Cybersecurity workflow to include: ATO Intake assessment and Vulnerability Scanning process.
• Perform security reviews based on RMF controls compliance clients and security best practices.
• Conduct security reviews for initiatives and changes to the cloud infrastructure and systems. Security engineer is an active participant in the cloud technical working groups providing security analysis and providing recommendations.
• Performs architecture design reviews including configuration and log reviews and perform network traffic analyses.
• Produces a SAR Report to include HVAs architecture strengths and findings.
• Designs and deploys native Cloud security services and capabilities in AWS Microsoft Azure and Google Cloud.
• Performs proof of value of Cloud-native COTS 3rd party or opensource security capabilities by hands-on deploying and evaluating against security requirements.
• Develops scripts or code to perform Cloud Security assessments through Cloud native API or SDK.
• Develops enterprise cloud security blueprints to include security in Infrastructure as Code (IaC templates).
• Analyzes the impact of emerging technologies on existing security systems and identifying potential risks
• Researches new and emerging security practices and capabilities such as AI/ML to address compliance and mitigate security risk.
• Assist with the improvement of the clients cloud security posture to include monitoring ingestion of logs such as: API application/database and flow logs into SIEM and ensures maximum vulnerability scanning coverage.
• Develops solutions for integrating findings into a centralized dashboard that allows product owners direct access to teams specific systems or cloud account findings.

• Works with other teams to provide Cybersecurity analysis on proposed operations modifications security impact assessments provides tactical remediations solutions and tradeoff assessments.

REQUIRED SKILLS:

• High level of attention to detail needs minimal guidance effective verbal and written communications.
• Equally adept at operational and technical skills.
• Able to adapt to new and changing requirements or priorities and manage work and resources accordingly.

• At least 5 years of network systems applications cybersecurity engineering or related discipline
• Experience supporting federal civilian FISMA systems
• Working knowledge of:
  • NIST SP 800-53 Rev 5
  • RMF documentation processes
  • FedRAMP Moderate or High environments
  • Continuous monitoring practices
• Hands-on experience with AWS or Azure cloud security configurations
• Experience preparing systems for audit or assessment.
• Experience implementing security in Cloud (AWS required Azure or GCP optional):

• Multi-Cloud Hybrid Cloud IaaS PaaS SaaS shared responsibility model.
• AWS IAM KMS S3 RDS SNS/SQS Organization Guard Duty Security Hub Detective Config CloudTrail CloudWatch Lambda.
• Azure E3/E5 Active Directory Blob Azure Security Center Key Vault SSE Monitor Log Analytics Policy.
• Experience with DevSecOps strategy and implementation and designing architecture in accordance to RMF CSF FISMA and Fedramp.
• Familiarity with: ZTA and SASE Framework ICAM (OKTA) CWPP SOC Operations Vulnerability Threat Management and Compliance.

Education:

Bachelor of Science (or higher) in one of the following: computer engineering computer science IT or Cybersecurity.

CERTIFICATIONS:

At least one of the following certifications is required:

• CISSP CASP CCNP Security CISM CSSLP ISSEP/ISSAP or any other that is approved on the DoD 8140 (IAT) Level III or Information Assurance System Architect and Engineer (IASAE) Level II/III.
• A cloud certification such as CCSP AWS Certified Security - Specialist or Google Professional Cloud Security Engineer is also preferred.

Clearance:

Public Trust

Work Location:

Primary location is Alexandria VA. Remote work is authorized.

Required Experience:

Senior IC