Overview:
Systems Security Engineer (Cybersecurity/Quarantine Release) (RDTE):
Bowhead is seeking an experienced Systems Security Engineer (Cybersecurity/Quarantine Release) to join our team in Dahlgren, VA. The ideal candidate will have a strong background in computer networking concepts and protocols, as well as network security methodologies. The Systems Security Engineer (Cybersecurity/Quarantine Release) will be responsible for identifying and mitigating vulnerabilities in security systems, conducting vulnerability scans, and applying system, network, and operating system hardening techniques.
Responsibilities:
Key Responsibilities:
-
Conducting vulnerability scans and recognizing vulnerabilities in security systems.
-
Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.).
-
Conducting application vulnerability assessments.
-
Identifying systemic security issues based on the analysis of vulnerability and configuration data.
-
Sharing meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
-
Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability Cybersecurity/Quarantine Release , authentication, non-repudiation).
-
Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution.
-
Performing impact/risk assessments.
-
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
-
Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
-
Ability to cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
-
Ability to apply host/network access controls (e.g., access control list).
-
Ability to use Virtual Private Network (VPN) devices and encryption.
-
Ability to protect a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
-
Must be able to troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
-
Ability to develop insights about the context of an organization’s threat environment
-
Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
-
Other duties as assigned
Qualifications:
- High School Diploma or Bachelor's degree.
-
Three to five (3-5) years of relevant experience required
-
Knowledge of computer networking concepts and protocols, and network security methodologies.
-
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust).
-
Knowledge of basic system, network, and OS hardening techniques.
-
Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
-
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
-
Knowledge of application vulnerabilities.
-
Knowledge of system administration, network, and operating system hardening techniques.
-
Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
-
Must meet DoD 8570 Information Assurance Technical Level II certification requirements at time of hire.
Preferred Skills:
-
Knowledge of cyber threats and vulnerabilities.
-
Knowledge of specific operational impacts of cybersecurity lapses.
-
Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
-
Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
-
Knowledge of network traffic analysis methods.
-
Knowledge of Virtual Private Network (VPN) security.
-
Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable
- transmission of undesirable information, or prevent installed systems from operating correctly.
-
Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
-
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
-
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
-
Knowledge of application security risks.
Physical Demands:
- Must be able to lift up to 10-20 pounds
- Must be able to stand and walk for prolonged amounts of time
-
Must be able to twist, bend and squat periodically
SECURITY CLEARANCE REQUIREMENTS: Must currently hold a security clearance at the Top Secret level. US Citizenship is a requirement for Top Secret clearance at this location.