Security Engineer III with Security Clearance

At Agile Defense we know that action defines the outcome and new challenges require new solutions. That's why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next. Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility-leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation's vital interests. Requisition #: 290 Job Title: Security Engineer III Location: 1155 21st St NW Washington, District of Columbia 20581 Clearance Level: Active DoD - Public Trust Required Certification(s): • Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.) SUMMARY XOR Security, an Agile Defense Company is currently seeking a talented Senior Network Security Engineer to support Agency-level Cybersecurity Program to streamline the current Architecture and Engineering approach with a focus on roadmap planning. The ideal candidate enjoys activities defined to be "as is" and "to be" architectures including the business, data, application and technology layers along with a high-level implementation plan. The ideal candidate will play a pivotal role in shaping the CFTC's cybersecurity strategy, providing support to understand and develop system requirements and technical solutions based on the CFTC system architectures as follows: Support the maturation of CFTC's enterprise architecture to align with the: Commission's information security and risks to the organizational operations, organizational assets, and individuals You will support the government in all aspects of planning, designing, implementing, optimizing, and troubleshooting the network security system to improve the organization's efficiency and resiliency. You will further support the government in protecting the network from threats that could attack it, including existing dangers, mishaps, and malicious attacks. You will develop alternative system designs and architectures and consider trade-offs between security requirements, functional/operational requirements, and cost. You will review and describe the impact of new or changing federal policies. You will review and describe the impact of new or revised legislation and regulations (OMB, DHS, FISMA, and more). In coordination with Enterprise Architecture and the Architecture Review Board, you will provide cybersecurity engineering expertise to conduct technical analysis of board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms. As a cybersecurity engineer, you will be at the forefront of technology, conducting research and presenting analyses to evaluate and/or identify and describe emerging industry technology trends, government agency best practices, and security issues. JOB DUTIES AND RESPONSIBILITIES • Excellent communication skills, facilitating activities across organizational boundaries and communicating with technical staff, line management, and senior executives. • Provide technical representation in cross-organizational meetings, including external vendor meetings, architecture review boards, change control boards, and project team meetings. • Demonstrate ability to work with project leads and developers to identify change scopes and requirements, manage code, schedule code deployment activities, deploy code, and validate satisfactorily met requirements. • Demonstrate an ability to simplify complex problems using innovative concepts and automation methods. • To be successful in this role, you must have a hands-on security engineering and networking background, such as deploying applications in an enterprise environment, networks, routers, switches, and firewalls. • You must understand various identity services, networks, processing platforms, operating systems, middleware, web services and applications, data technologies, and security technologies. • Work cross-functionally to understand CFTC's use of IoT, ICS, VOIP, VTC technologies, AWS, Azure, and ServiceNow cloud environments. • Must remain knowledgeable on converging zero trust concepts, capabilities, and technologies. • Must remain knowledgeable of Cloud Service Providers (Azure, AWS, ServiceNow, M365, other SaaS environments), their service offering, and security best practices for each service offering. • Must remain knowledgeable on existing FedRAMP IaaS, PaaS, and SaaS and converging FedRAMP Ready service offerings. • Must remain knowledgeable of Laws, regulatory requirements, DHS directives, and agency policies, demonstrating an ability to apply the context of assigned job responsibilities. • Must remain knowledgeable of Cybersecurity and Infrastructure Security Agency (CISA) frameworks and models, ensuring security requirement alignment to implemented technologies. • Must remain knowledgeable of NIST standards and ensure standards are adhered to for new technologies and products. • Must maintain an ability to perform security assessments of a wide array of environments, technologies, and products. • Must demonstrate an ability to assess planned technology changes and determine interdependencies and impact on interconnected components. • Must demonstrate an ability to identify relevant security controls impacted by each change and prescribe security methods and mechanisms. • Must demonstrate an ability to identify potential threats associated with technological changes and articulate threat mitigations. • Must demonstrate an ability to identify risks associated with technological changes and articulate those risks. • Must demonstrate an ability to identify vulnerabilities associated with technological changes and articulate prescribed mitigations. • Must demonstrate an ability to manage firewalls and ensure rules are configured to prevent violability of the network explicitly. • Must demonstrate the ability to work with engineering team members to analyze, verify, and divest potentially no longer needed rules. • Must demonstrate the ability to use Visual Studio Server and follow detailed instructions for code deployments into production environments. • Must demonstrate the ability to use security tools to identify weak ciphers and coordinate with project teams to divest weaker ciphers and replace them with current ciphers in support of Post Quantum Cryptography efforts. • Must demonstrate an ability to use security tools to: • Identify the assets within system boundaries, verify ports protocols and services, verify security controls and posture, and implement security mechanisms. • Validate architectural changes, identify external communications paths and internal communications dependencies, validate system compliance and vulnerability findings, and validate credentialed access to information systems and components. • Must demonstrate ability to facilitate working groups with system owners, project teams, information system security officers, and security control assessors. • Must demonstrate the ability to provide comprehensive and accurate assets, ports, protocols, services, and architecture diagrams as evidentiary artifacts to support system boundaries. • Must demonstrate the ability to extract, munge, and analyze large amounts of data from security and network management tools. • Must demonstrate advanced ability to work with APIs, Excel, PowerBI, and other tools to render data into visualizations that are comprehensive and easy to understand. QUALIFICATIONS Required Certifications • Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.) Education, Background, and Years of Experience • Bachelor's Degree required (preferred Computer Science, Data Analytics, Business Information Systems, Mathematics, Statistics, or equivalent). • Seven (7) years or more direct, hands-on, experience and expertise in a specific domain area. ADDITIONAL SKILLS & QUALIFICATIONS Required Skills • Serves as subject matter expert, possessing in-depth knowledge of a particular area, such as information security, cloud security, systems engineering, big data, or the various sciences related to enterprise technology. • Provides technical knowledge and analysis of highly specialized applications and operational environments, high-level functional systems analysis, design, integration, security, implementation advice on exceptionally complex problems that need extensive knowledge of the subject matter for effective implementation. • Participates as needed in all phases of system and software development with emphasis on the planning, analysis, security, testing, integration, documentation, and presentation phases. • Applies principles, methods and knowledge of the functional area of capability to specific task order requirements, advanced software, systems and security principles and methods to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications to arrive at automated solutions. Preferred Skills • Visual Studio, C#, Scripting (Bash, Batch, WMI, PowerShell, KQL) • Familiar with Network Protocols (SSH, Secure FTP, TLS/SSL) and network encryption algorithms. • Strong Excel background using VLOOKUPS and other functions to parse and aggregate data. • Strong research and presentation skills • Ability to facilitate meetings and discussions for an audience with a wide range of technical skills (from very technical-to-no technical background). • Familiar with network security tools like (ExtraHop, Sentinel, CrowdStrike, and more) WORKING CONDITIONS