ISSO/Systems Security Engineer
US-VA-Dahlgren
GS Careers
Req #: 23029
Type: Full-Time
|
|
|||||||||
|
||||||||||
Overview: ISSO/SYSTEMS SECURITY ENGINEER Bowhead is seeking a skilled full-time ISSO/Systems Security Engineer to join our team in Dahlgren, VA. The ideal candidate will have a strong background in computer networking concepts and protocols, as well as network security methodologies. The ISSO/Systems Security Engineer will be responsible for identifying and mitigating vulnerabilities in security systems, conducting vulnerability scans, and applying system, network, and operating system hardening techniques. Responsibilities: Key Responsibilities: * Conducting vulnerability scans and recognizing vulnerabilities in security systems. * Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.). * Conducting application vulnerability assessments. * Identifying systemic security issues based on the analysis of vulnerability and configuration data. * Sharing meaningful insights about the context of an organization's threat environment that improve its risk management posture. * Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). * Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution. * Performing impact/risk assessments. Required Skills: * Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. * Skill in using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.). * Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). * Skill in conducting application vulnerability assessments. * Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. * Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture. * Ability to cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Tenable Assured Compliance Assessment Solution (ACAS) * Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS) * Skill in applying host/network access controls (e.g., access control list). * Skill in using Virtual Private Network (VPN) devices and encryption. * Skill in securing network communications. * Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). * Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution. * Skill in performing impact/risk assessments. * Skill to develop insights about the context of an organization's threat environment * Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Qualifications: Required: * Knowledge of computer networking concepts and protocols, and network security methodologies. * Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust). * Knowledge of basic system, network, and OS hardening techniques. * Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. * Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. * Knowledge of application vulnerabilities. * Knowledge of system administration, network, and operating system hardening techniques. * Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Preferred: * Knowledge of cyber threats and vulnerabilities. * Knowledge of specific operational impacts of cybersecurity lapses. * Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list). * Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). * Knowledge of network traffic analysis methods. * Knowledge of Virtual Private Network (VPN) security. * Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. * Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). * Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). * Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). * Knowledge of application security risks. Physical Demands: * Must be able to lift up to 10 pounds * Must be able to stand and walk for prolonged amounts of time * Must be able to twist, bend and squat periodically SECURITY CLEARANCE REQUIREMENTS: Must be able to obtain a Top Secret clearance may start with a Secret clearance. US Citizenship is a requirement for Top Secret clearance at this location. #LI-JR1
Share this job:
