The PCAOB has a full-time, regular position for a Senior Cyber Security Engineer in the Office of Information Technology (OIT) at its Ashburn, VA office. As the Senior Cyber Security Engineer, you will be responsible for protecting system boundaries and ensuring that IT systems, applications and network devices are hardened against threats. The position supports the SOC as an advanced escalation point identifying and addressing potential information security incidents. You will utilize your exceptional communication skills to interact with both technical and non-technical colleagues, and to provide technical leadership for your colleagues and the organization.
- Serve as the lead for day-to-day threat identification and vulnerability/risk analysis.
- Perform advanced event and incident analysis, including baseline establishment and trend
- Remain current on cyber security trends and intelligence in order to guide the security analysis & identification capabilities of the SOC team.
- Perform threat, vulnerability, and risk assessments, and investigations.
- Responsible for the engineering, design, implementation, maintenance, analysis, and administration of PCAOB security technologies.
- Participate in and lead projects for security requirements, network design reviews, and security testing for PCAOB network, systems, and other IT teams.
- Coordinate with PCAOB systems, network and development teams to ensure network security standards are being followed and implemented correctly.
- Evaluate new security technology & emerging threats and provide recommendations to strengthen the PCAOB information security environment.
- Coordinate the handling and resolution of security breach incidents.
- Bachelor’s degree in Computer Science, Information Technology or similar field, or equivalent experience
- 8+ years of information security experience with a focus on network, application and architecture.
- 5+ years of security operations center experience with security monitoring and incident response.
- Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SIEMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
- Knowledge of email security gateway, cloud and virtual technologies.
- In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
- Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
- Knowledge of the HTTP protocol, including analyzing the request/response.
- Demonstrated experience with commercial and open source testing and auditing tools such as Paros, BURP, nmap, and Metasploit.
Job Type: Full-time
- Security Operations Center: 5 years (Required)
- Information Security: 8 years (Required)