BCMC is supporting a U.S. Government customer on a large mission critical development and sustainment program to design, build, deliver, and operate a network operations environment, including introducing new cyber capabilities to address emerging threats. We are seeking a Sr Cyber Security Engineer to support the design, development, and deployment of advanced cybersecurity capabilities.
The Sr Cyber Security Engineer designs, develops, documents, analyzes, tests, integrates, debugs, conducts research and/or discovers and analyzes security flaws or vulnerabilities in software, networks, systems, and applications. The Sr Cyber Security Engineer ensures system security needs are established and maintained for various objects/matters.
Responsibilities:
•Identify Security Requirements for systems.
•Ensure security requirements are planned, implemented, and tested.
•Test and verify requirements are implemented and documented for ATO purposes.
•Manage RMF process to obtain and maintain system ATO.
•Responsible for reviewing and commenting on security risks and security issues related to any Change Requests, Infrastructure Change Requests and Configuration Change Requests
•Analyze output from various security devices and malware and incident reports to improve detection of and to minimize future incidents.
•Assess and analyze system security to identify and mitigate risks and vulnerabilities.
•Recommend countermeasures to mitigate risks and vulnerabilities.
•Prepare/Update documentation, including incident reports, security recommendations, etc.
•Assist in identifying, prioritizing, and coordinating the protection of critical cybersecurity infrastructure and key resources.
•Perform basic system design functions, including interpretive analyses, chart preparation and associated diagrams/enhancement plans.
•Test existing and new technologies.
•Review/analyze requested changes for equipment, technology and/or other factors/trends, which are planned for deployment in the customer space.
•Support the configuration and administration of cyber security tools and systems.
Required Skills:
•U.S. Citizenship
•Must hold an active Secret clearance and be able to obtain a TS/SCI clearance
•Must be able to obtain DHS Suitability
•6 years of applicable experience in cyber security
•Experience with commercial cyber tools and technologies
•Experience with standard security principles, policies, standards and industry best practices
•Experience and knowledge of networking (TCP/IP, topology, sockets and security) and web technologies (Internet security)
•Experience or knowledge of intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
Desired Skills:
•Experience in ServiceNow
•Experience with AWS Security Hub and Guard Duty
•Experience editing /auditing Security Groups, NACLs, or Access-Lists.
•Experience or knowledge of Endpoint Protection/Detection/Response and Extended Detection and Response solution
•Understanding and ideally experience with Windows or Linux/Unix operating systems.
•Experience with Security Event Incident Management (SEIM), Log Correlation and Network Behavior Anomaly detection systems
•Experience and/or familiarity with development languages such as: Java, Swing, JUnit, Perl, Python, HTML
•Demonstrated experience and/or familiarity with VMware and virtual machines.
•Experience with SAFe
•Experience with automated testing tools
•Experience with one or more of the following:
•Security COTS integration
•Security Incident Event Management
•Insider Threat Monitoring
•Operating System hardening tools
•Vulnerability assessment testing
•Penetration Testing
•Dynamic and Static Testing tools operations
•Identification and Authentication schemes
•Public Key Infrastructure and Identity Management
•Cross Domain Solutions
•Computer Network Exploitation (CNE)
•Computer Network Operations (CNO)
•Malware Analysis
•Reverse Software Engineering
•Ability to write custom tools and modify existing intrusion detection tools
Required Education: BS Cyber Engineering, Computer Science, Computer Engineering, Computer Information Systems, OR a related field. Two years of related work experience may be substituted for each year of degree level education.
Desired Certifications:
•Information Systems Security Engineering Professional (ISSEP)
•Certified Ethical Hacker (CEH)
•SANS/GIAC Reverse Engineering Malware (GREM)
•ArcSight Certified Security Analyst (ACSA) or ArcSight Certified Advance Security Analyst (ACASA) - Certified Information Systems Security Professional (CISSP)
DOM 3239
SCE04