Overview

In this role the Security Engineer will work in a team environment and under direction of the government to provide engineering support to secure information technology systems for the organization. The engineer is expected to be a subject matter specialist in identifying and remediating application and systems vulnerabilities, implementing security controls as part of a DevSecOps approach to the application lifecycle management and working with the developers and solutions architects to design and build solutions that meet the advanced security requirements for the client. The engineer in this role will be responsible for supporting security posture, identifying and remediating vulnerabilities, performing threat modeling, implementing threat protection, and responding to security incident escalations. The engineer in this role should be familiar with attack vectors, cyberthreats, incident management, and working with Microsoft Azure, Power Platform and Microsoft 365 services.

Responsibilities

The Security Engineer shall:

• Provide hands-on technical subject matter expertise with respect to setting up and administering Fortify SSC, Fortify Security Assistant IDE Plugin, OWASP ZAP, and Audit Workbench, Microsoft Defender, Microsoft Sentinel, SonaType and other security tools working in the Microsoft Azure, Power Platform and M365 environments.
• Administer applications and users.
• Field troubleshooting questions for developers (i.e., connections to pipelines)
• Field troubleshooting questions for front-end users (testers, security analysts -- "is this a false positive?", etc)
• Work with Project teams to review vulnerabilities.
• Familiar with Windows Server
• Work autonomously in an area of specialization to analyze internal security and provide relevant information to internal and external customers, suppliers, and partners.
• Have skill sets to perform computer incident response and remediation practices as outlined in NIST 800-61 (Computer Security Incident Handling Guide) and DHS 4300A Sensitive Systems Policy Handbook, Attachment F Incident Response. The staff will assist the Security Operation Center (SOC) on incident response actions for security incidents affecting the Cloud environment.
• Assist with the implementation of monitoring capabilities for various audiences – developers, business owners, security, and infrastructure; analyze all platform level, network changes and monitor impact and provide appropriate technical solutions to resolve issues efficiently; evaluate and document operating baseline according to required standards.
• Perform other duties as assigned by the Government.

Qualifications

Each Security Engineer shall have the following qualifications:

• Have and maintain at least one active certification such as CISSP, CCISSP, CEH, CISM, CISA, Cloud , CCSP, or other comparable certification
• Hold Certifications SC-200: Microsoft Security Operations Analyst, and AZ-500: Microsoft Azure Security Technologies
• Minimum of five (5) years of experience in security engineering or security operations
• Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices
• Excellent customer service, analytical, problem solving, team-building, and interpersonal skills
• Ability to work independently and function as an integral part of the team
• Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected
• Listening skills, the ability to detect explicit and implicit needs and wants
• Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
• Proven experience in building consensus and managing cross-functional teams
• Experience with cloud Platform as a Service (PaaS), Software as a Service (SaaS) and other cloud services
• Experience with Continuous Integration (CI)/Continuous Delivery (CD) - Deployment pipeline experience (Jenkins, Ansible, Terraform)
• Experience or a strong knowledge of Data at Rest Application Programing Interface (API) design
• Experience or a strong knowledge of programming languages (Python, Java etc.)
• Experience or a strong knowledge of container/orchestration tools (Kubernetes, Docker, Puppet, etc)
• Have a deep understanding of API Security, Container Security, Cloud Security
• Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
• Contractor shall be staffed in the Washington, DC metropolitan area, unless explicitly approved by the Government PM
• Experience working with NIST SP 800-53, RMF, FISMA, DHS and DoD policies

Clearance Requirements:

• Must have an Active Top Secret clearance or higher, verifiable in DISS

About Acuity Inc

Acuity is a leading management and technology consulting firm that specializes in serving the federal government. Our innovative, collaborative and rewarding work environment has earned repeat honors from the Washington Business Journal’s Best Places to Work and SmartCEO Corporate Culture awards. 

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

#CB 

#LI-MD1