Cyber Security Engineer (Secret Clearance Required)

General Dynamics Information Technology - Rosslyn, VA3.8

Full-timeEstimated: $97,000 - $140,000 a year
EducationSkills
Responsibilities:
  • Leading enterprise efforts on risk assessment, detailed technical recommendations and coordination of vulnerability remediation and mitigation strategies.
  • Developing and performing high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, evaluation of policy compliance and threat reporting, and vulnerability analysis of the organization’s overall enterprise security posture.
  • Communicating recommendations to the responsible parties, and engaging in both tracking and verification of their remediation efforts.
  • Building working relationships through consultation and support to effectively complete the computer network defense mission, while acknowledging and respecting stakeholder needs and requirements.
  • Assisting in the analysis, selection, implementation, and/or development of enterprise security tools.
  • Interfacing with vendor support teams to keep abreast of developments within products currently in use.
  • Documenting team processes for use in internal Standard Operating Procedures (SOPs),
and other on-the-shelf documentation of processes for future team reference.
  • Both formulating new and adjusting existing information security metrics for the purpose
of analysis and greater enterprise security posture awareness.
  • Preparing reports and conducting briefings for senior leadership related to both routine
and high profile vulnerability analysis and mitigation.

Required Qualifications:
  • Bachelor’s Degree or equivalent years of experience in a relevant field (e.g.
Cybersecurity, Information Technology, or Computer Science).
  • Minimum five (5) years of experience in information security, information technology, or
related field.
  • Proficiency in Splunk, Tanium, and other enterprise-level data analytics tools.
  • Experience with Windows Desktop, Windows Server and Linux operating systems and
system administration – specifically with regard to patching and compliance.
  • Experience with networking hardware (routers, switches, firewalls) and configurations –
specifically with regard to patching and compliance.
  • A solid understanding of core networking concepts such as DMZs, subnets, VLANs,
private IP addressing and NAT.
  • Proficiency in traditional Information Systems Security Officer (ISSO), Blue Team, or
Red Team network security roles and activities.
  • Experience performing manual and automated analysis of systems and networks, via
enterprise scanning tools such as Nessus or Nexpose, to identify, assess, and mitigate
vulnerabilities to strengthen organizational security posture.
  • Experience performing risk assessments by correlating known vulnerabilities,
understanding of the threat environment, and prioritization to mitigate risk to network
assets, such as through the Risk Management Framework (RMF).
  • Effective written and verbal communications skills to prepare and present security
assessment results to stakeholders, and to further build relationships with them.
  • Experience developing goals, processes and a methodology for effective cyber security
assessments.

Active Secret (Minimum) security clearance.

Desired Qualifications:
  • CompTIA Security+ and/or Network+ certification.
  • EC Council Certified Ethical Hacker (CEH) or CompTIA Advanced Security Practitioner
(CASP) certifications.
  • Certified Information Security Systems Professional (CISSP).
  • 3+ years of experience familiarity with NIST Special Publication 800-53, CVE (Common
Vulnerabilities and Exposures) standards, or related, such as DISA STIGs.
  • Experience with mobile device management solutions (such as Microsoft Intune or
VMware AirWatch) and cloud application security.
  • Experience with project management (e.g. Scaled Agile Framework and SCRUM as a project management frameworks) to ensure stakeholders remain on schedule.
  • Active Secret (Minimum) security clearance.
Desired Qualifications:
  • CompTIA Security+ and/or Network+ certification.
  • EC Council Certified Ethical Hacker (CEH) or CompTIA Advanced Security Practitioner
(CASP) certifications.
  • Certified Information Security Systems Professional (CISSP).
  • 3+ years of experience familiarity with NIST Special Publication 800-53, CVE (Common
Vulnerabilities and Exposures) standards, or related, such as DISA STIGs.
  • Experience with mobile device management solutions (such as Microsoft Intune or
VMware AirWatch) and cloud application security.
  • Experience with project management (e.g. Scaled Agile Framework and SCRUM as a project management frameworks) to ensure stakeholders remain on schedule.
  • Excellent oral and written presentation skills.
  • Experience in developing and leading remediation/ mitigation activities, and building
strategies, status updates, and reporting on those activities.
  • Active Top Secret security clearance.
#CSOSFeaturedArticle

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training, and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs, and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.