Security Engineer Job at Dexian - DISYS, Washington DC

  • Dexian - DISYS
  • Washington DC

Job Description

Security Engineer Job Description

Notes:

  • Contract
  • Onsite 2-3 days a week in D.C.
  • Need experience with CrowdStrike, Sentinel, Azure (setting up the tools)
  • Experience with vulnerability scans and Nessus scanning tool
  • Needs experience configuring security policies, access controls, NGFWs, etc.
  • POA&M updates, security testing
  • Configuration and setup of security tools
  • This is being finalized, but the NGFW may be Palo Alto. Some tools: CrowdStrike, Nessus, etc.
  • Must be a US Citizen and able to obtain a Public Trust Clearance



Requirement:

  • Experience with implementing/managing the implementation and configuration of all infrastructure components, applications, hardware, and tools including but not limited to the following:
  • Experience validating intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
  • SE shall provide and recommend computing environment vulnerability corrections.
  • Experience investigating and remediating security incidents, and escalating, reporting, and providing regular updates to the GSA IT Incident Response team on incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • SE will receive and analyze security alerts from various sources within the PTT network and determine possible causes of such alerts.
  • SE will evaluate incidents identified by Tier 1 analysts. Use threat intelligence such as updated rules and indicators of compromise (IOCs) to pinpoint affected systems and the extent of the attack.
  • SE shall review cyber defense trend analysis tools, executing remediation and reporting status.
  • Analyze running processes and configs on affected systems. Carry out in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted.
  • Execute strategy for containment and recovery as needed, while evaluating all data points to determine entry point and risk to a system.
  • The SE shall interface with the Office of GSA IT Chief Information Security Officer (CISO) and its Security Operations division, as necessary, to manage and maintain compliance and assurance of systems security objectives.
  • The SE shall, working with the PTT team, provide guidance, implementation recommendations, and assistance in developing a DevSecOps paradigm for PTT operational efforts.
  • Restore and recover from a compromise or breach, leveraging Infrastructure as Code (IaC) implementations to quickly bring systems back online.
  • Maintain standard OS, hardening, and baseline configurations using approved images for all devices including network, security, server, storage and end user devices such as laptops and mobile devices that are government furnished.
  • Heavily scrutinize all users, devices, data flows, and requests for access.
  • Log, inspect, and continuously monitor all configuration changes, resource accesses, and network traffic for suspicious activity.
  • Document security controls using the GSA processes and templates. This includes documenting and maintaining security diagrams, plans, procedures, policies, logs, and reports for relevant systems and system components.
  • Provide support, as required, for conducting security tests to validate that required security controls are properly implemented, operate as intended, and produce the desired outcome.
  • Respond, as necessary, to all potentially adverse events within PTT networks and platforms, in coordination with and as advised by the PTT IT Director and GSA CISO.
  • Identify specific security weaknesses on target systems, especially variances from baseline hardening and configurations, and provide recommended techniques and/or improvements to strengthen the security of the target system.
  • Ensure all systems logs are properly captured and included in security monitoring activities per PTT and GSA security standards.
  • Utilize vulnerability assessment to identify unauthorized access points or potential implementation weaknesses.
  • Monitor, prevent, detect, respond, report, and correct the unauthorized release of GSA data utilizing provided tools, processes, and sound security practices.
  • Support the Assessment and Authorization (A&A) process for the PTT systems as necessary. GSA CISO is responsible for overall coordination and management of the A&A process.
  • Support Plan of Actions and Milestones (POA&M) findings and develop and implement remediation. The SE shall work with and support the ISSO to remediate and close open POA&M items in accordance with GSA IT procedural guide POA&M CIO-IT Security-09-44. The SE, working with the ISSO, shall update open POA&M items weekly or more frequently, as required, due to the nature or severity of the findings.
  • Provide continuous operation and support for the SCIF.
  • Have experience with tools such as CrowdStrike, Microsoft Sentinel, Azure Monitor, Qualys, Splunk and Microsoft Azure platform.
  • Experience quickly diagnosing, responding to, and mitigating security incidents using SD-WAN, NGFW, and SASE tools.

Years of Experience:

  • Minimum of ten (10) years' experience or equivalent combination of education and training that provides for the required knowledge, skills, and abilities in core areas of Security Engineering, SOC Analysis, Security tools configuration and management.

Preferred Education/ Certification

  • Bachelor of Science and applicable security certifications such as CISSP, CISA

Dexian is a leading provider of staffing, IT, and workforce solutions with over 12,000 employees and 70 locations worldwide. As one of the largest IT staffing companies and the 2nd largest minority-owned staffing company in the U.S., Dexian was formed in 2023 through the merger of DISYS and Signature Consultants. Combining the best elements of its core companies, Dexian's platform connects talent, technology, and organizations to produce game-changing results that help everyone achieve their ambitions and goals.

Dexian's brands include Dexian DISYS, Dexian Signature Consultants, Dexian Government Solutions, Dexian Talent Development and Dexian IT Solutions. Visit to learn more.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.

Job Tags

Contract work, Immediate start, Worldwide, 2 days per week, 3 days per week
