What are the responsibilities and job description for the Cybersecurity Engineer position at Elegant Enterprise Wide Solutions?
Place of Performance: Washington, DC 2015
Clearance: A Public Trust Tier 2 clearance level is required.
Minimum Qualifications:
- U.S. Citizenship or Permanent Residence Status
- Ability to communicate both orally and in writing with senior-level executives
- Ability to meet critical deadlines
- Expertise in execution and oversight of major federal IT programs
References: Names, email addresses, and telephone numbers of three project references
Specific requirements / Tasks
The Consultant shall perform the following tasks in support of the enterprise cybersecurity environment:
Implement and maintain enterprise security controls aligned with NIST SP 800-53, including access control (AC), configuration management (CM), system and communications protection (SC), audit and accountability (AU), incident response (IR), and system and information integrity (SI) control families.
Enforce Zero Trust Architecture principles in accordance with NIST SP 800-207, including continuous verification of users and devices, identity-centric security, and least privilege access across cloud, network, and endpoint environments.
Design, implement, and maintain least-privilege access controls, including role-based access control (RBAC), privileged access management (PAM), and multi-factor authentication (MFA) across enterprise systems and applications.
Configure and manage identity and access management (IAM) solutions, ensuring secure authentication, authorization, and integration with enterprise identity providers.
Configure and maintain centralized logging, monitoring, and audit capabilities across systems, applications, and cloud platforms, ensuring integration with enterprise SIEM tools and compliance with log retention policies.
Conduct continuous security monitoring, vulnerability assessments, and risk analysis across enterprise environments; identify security gaps and coordinate remediation in alignment with NIST Risk Management Framework (RMF) practices.
Harden systems, applications, and cloud environments using secure configuration baselines and industry best practices, including disabling unnecessary services, enforcing encryption standards, and securing administrative access.
Secure cloud and hybrid environments (e.g., AWS, Azure), including configuration of security services, identity controls, network protections, and workload security.
Identify, manage, and remediate vulnerabilities across systems, applications, and infrastructure, including coordination of patch management and mitigation strategies.
Support incident response activities by monitoring alerts, performing analysis, executing containment actions, and assisting with forensic data collection and reporting.
Implement and maintain segmentation and access control strategies to limit lateral movement and protect sensitive data and high-value assets.
Ensure all security changes follow formal change management processes, including documentation and security impact analysis, in compliance with NIST configuration management requirements.
Develop, implement, and maintain cybersecurity Standard Operating Procedures (SOPs); review and update periodically to reflect evolving threats, technologies, and policies.
Document and maintain system configurations, security baselines, and asset inventories; ensure documentation is current and supports audit readiness.
Perform root cause analysis (RCA) for security incidents and control failures; document findings and implement corrective and preventive actions.
Support automated patch management and security update processes across systems and platforms in accordance with organizational policies.
Support continuous, real-time security monitoring (24/7 operations) through integration with security tools such as SIEM, EDR/XDR, and cloud-native security platforms.
Maintain accurate and up-to-date documentation of security configurations, processes, and procedures to ensure compliance, audit readiness, and operational continuity.
Collaborate with network, cloud, and application teams to resolve security issues, support security integration, and enhance overall enterprise security posture.