Job Description Role: Cyber Security Engineer Location: Seaside CA (or) Washington DC Metro - Work from Home allowed - occasional visits to client location required (estimated at 10% - 15%). iWorks Corporation, founded in 2005, is a leading provider of information technology and professional services to the federal government. We are a recognized leader in personnel security and vetting solutions, Agile, DevOps, DevSecOps, data analytics, and cloud solutions. Our continuous process improvement approach, combined with our business and technology expertise, results in innovative solutions. We're a company people like working for and with. Our staff has recognized iWorks as Washington Post Top Workplace for the last three years. We are looking to hire a Cyber Security Engineer with an analytical mind and a detailed understanding of cyber security methodologies. Cyber Security Engineers are expected to have a meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure and deliver on tight deadlines. Your Job: As a Cybersecurity Engineer you will work closely with engineering and IT teams to design, implement, assess, and audit security practices and technical configurations to ensure compliance with internal Foundational Security Principles (FSPs), and contractual controls such as NIST 800-53, NIST 800-171/172, CMMC, RMF. The position will provide opportunities to collaborate with employees across business and functional areas and engage in working groups and communities of practice. Our ideal candidate is a self-starter who can work independently, prioritize work based on the impact to the business, and manage multiple efforts simultaneously. The candidate will possess a broad knowledge of modern technology and security best practices, outstanding analytical skills, attention to detail, and discipline to ensure consistency and accuracy. Excellent verbal and written communication skills are critical to build and maintain relationships with stakeholders. On a day to day basis you will: * Manage security risk and vulnerability remediation. * Support internal and external audit activities. * Lead the resolution of identified information security and data risk issues. * Develop and maintain an asset inventory. * Proactively evaluate proposed changes to avoid negative impacts to risk and compliance. * Provide recommendations for best practice architecture and confirmation options to enable critical business capabilities. * Assist in the development, maintenance, and automation of security, risk, and compliance artifacts, including exceptions and alternative controls implemented to address non-standard use cases. * Manage the data, technology, and automation platform to drive key risk and performance reporting and insights. * Support engineering and IT requests related to security and compliance impacting changes within the target environments. * Keep customers and stakeholders informed of the status, blockers, and completion of changes. * Stay informed of industry changes, trends, and best practices related to information security. * Lead in the testing and design of technology controls. * Lead the initiative to provide continuous analysis and monitoring of implemented controls. * Serve as interpreter and liaison between application developers and technology / security product owners to implement required solutions within the target environments. * Collaborate with technology and security product owners to address the constantly evolving landscape of our lab environments. Required Education/Qualifications: * Current Secret Clearance; Top Secret Clearance * Bachelor of Science in an engineering/technology field with 4+ years of enterprise information security experience across client, infrastructure, application, and data center or cloud platforms. * Experience with eMASS (Enterprise Mission Assurance Support Service). * Experience with STIG checklists and POA&M management * At least 3 years' experience working with Security and Auditing tools for Windows, Linux, and infrastructure operating system such HBSS and ACAS. * Must meet DoD 8570 certifications - IAT Level III or above * Certified Information Systems Security Professional (CISSP) (or Associate) * Certified Information Systems Auditor® (CISA®) * Certified in Risk and Information Systems Control (CRISC) * Organized self-starter with the ability to effectively meet deadlines. * Solid understanding of security best practices, and defense in depth strategies, encompassing multiple platforms (Linux/Unix, Windows, Mac, VMware, Oracle, Azure, AWS). * Ability to interpret vulnerability scans and work with IT and engineering teams to implement timely resolutions. * Familiarity with automation, orchestration, configuration, and endpoint management and automation technologies. * Strong documentation and interpersonal skills. Desired Qualifications: * Possession of an information security industry recognized certification(s): (CISSP, CRISC, CISA)
Report this job