IT Security Engineer

SITEC Consulting, LLC - Annapolis Junction, MD

Full-time

About SITEC:

SITEC is a federal contracting company with a focus in Information Technology (IT) Services located in Annapolis Junction, MD. Our core capabilities are Software and System Engineering, Cloud Engineering, and Cyber Security. We are an employee focused, veteran-owned small business and have strong pipeline for growth. We think this is a great time to join our company and be a part of our growth and development into a leading IT service provider.

***THIS IS FOR TWO (2) POSITIONS - Junior- and Senior-level***

Required:

  • Secret-level clearance (applicants MUST have an active U.S. government-issued clearance)
  • CISSP certification, required
  • Junior-level: Minimum 5 years of experience per the Job Description below
  • Senior-level: Minimum 15 years of experience per the Job Description below

Desired Experience:

  • Security Development lifecycle management;
  • Experience with a variety of Programming Languages including Java, PHP, C, .NET;
  • Experience with various Operating Systems including Windows, Linux and Unix. Network+, CCNA, Linux+, CEH, ECSA, OSCP
  • Experience with application security and testing
  • Experience with web application vulnerability testing
  • DevOps experience

Job Description:

  • Review and analyze all system artifacts for accuracy, completeness, in support of an authorization to operate (ATO) requests.
  • Conduct audits of completed remediation packages for Plan of Actions and Milestones (POA&M) for completeness and compliance
  • Draft document review and feedback on application of security and privacy requirements (eg. technical review board (TRB), review of SPs, RA’s, contingency plan, POA&M reports).
  • Determine the impact of new technology or policy (e.g., CDM technologies, anomaly based tools, virtual environments, etc.) on the TSA information security program
  • Recommend, develop, and maintain monthly, quarterly, and annual Federal Information Security Management Act (FISMA) reporting documents in TSA’s required format.
  • Maintain and leverage existing Security scan tools and techniques including:
  • Tenable Security Center
  • Nessus
  • DbProtect
  • AppScan Enterprise (including white and black box testing)
  • Venafi
  • RedSeal
  • Burp Suite Pro.
  • Support implementation of new Security scan tools and techniques as necessary.
  • Prepare responses to federal ad hoc reporting requirements. The contractor shall provide to TSA an accomplishment report of Ad hoc Security Engineering services provided.
  • Prepare FISMA Reporting documents quarterly and annually.
  • Report on FISMA Inventory and provide POA&M reports monthly.
  • Develop alternatives of system designs and/or architectures which consider trade-offs between security requirements, functional/operational requirements and cost.
  • Determine the impact of new or changing applicable federal policy changes.
  • Determine the impact of new or revised legislation and regulations (OMB, HIPAA, FISCAM, etc.).
  • Provide security engineering subject matter expertise in coordination with Enterprise Architecture and Technical Review Board to conduct technical review board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms

Job Type: Full-time

Salary: $115,000.00 to $150,000.00 /year

Experience:

  • relevant: 5 years (Required)

License:

  • CISSP (Required)

Security Clearance Required:

  • Secret (Required)

Work Location:

  • One location

Benefits:

  • Health insurance
  • Dental insurance
  • Vision insurance
  • Retirement plan
  • Paid time off
  • Professional development assistance
  • Tuition reimbursement

Schedule:

  • Monday to Friday