Security Engineer II

The Security Engineer II provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information. Provides technical evaluations of IT systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the organization’s security posture. Understands Information Security Continuous Monitoring (ISCM) concepts and the employ of security automation and risk dashboarding tools and processes to more quickly identify and respond to risk and support more efficient Assessment & Authorization processes such as ongoing authorization. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Expertise to develop and/or review system authorization documentation in accordance with DoD implementation of the Risk Management Framework (RMF) Experience participating in TIMs on a wide range of PMO security engineering meetings Experience participating in Acquisition program Engineering Milestone Reviews, Experience coordinating with development Contractor security/system engineers and USTRANSCOM/DISA Security Office to resolve program security issues Possess skills to conduct Technical Reviews of development Contractor produced security deliverables Experience performing security activities to maintain authorization of the PMO programs Experience using the DOD Enterprise Mission Assurance Support Service (eMASS) system Experience providing support to ensure PMO system(s) are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOD regulations, USTRANSCOM requirements, and commercial best practice Experience performing vulnerability scans using ACAS, Nessus, and Fortify SCA, analyze outputs to identify vulnerabilities, and recommend mitigation and remediation actions Experience implementing DISA STIGS and verifying application Experience writing and tracking POA&Ms Experience conducting and evaluating security testing activities including security assessments, audits, and penetration testing Experience supporting operational security activities e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections Experience with security lockdown and/or hardening of servers and network devices Ability to coordinate overall security strategy with multiple agencies, Authorizing Official (AO) representatives Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements The Security Engineer II provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation. Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information. Provides technical evaluations of IT systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the organization’s security posture. Understands Information Security Continuous Monitoring (ISCM) concepts and the employ of security automation and risk dashboarding tools and processes to more quickly identify and respond to risk and support more efficient Assessment & Authorization processes such as ongoing authorization. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures. Expertise to develop and/or review system authorization documentation in accordance with DoD implementation of the Risk Management Framework (RMF) Experience participating in TIMs on a wide range of PMO security engineering meetings Experience participating in Acquisition program Engineering Milestone Reviews, Experience coordinating with development Contractor security/system engineers and USTRANSCOM/DISA Security Office to resolve program security issues Possess skills to conduct Technical Reviews of development Contractor produced security deliverables Experience performing security activities to maintain authorization of the PMO programs Experience using the DOD Enterprise Mission Assurance Support Service (eMASS) system Experience providing support to ensure PMO system(s) are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOD regulations, USTRANSCOM requirements, and commercial best practice Experience performing vulnerability scans using ACAS, Nessus, and Fortify SCA, analyze outputs to identify vulnerabilities, and recommend mitigation and remediation actions Experience implementing DISA STIGS and verifying application Experience writing and tracking POA&Ms Experience conducting and evaluating security testing activities including security assessments, audits, and penetration testing Experience supporting operational security activities e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections Experience with security lockdown and/or hardening of servers and network devices Ability to coordinate overall security strategy with multiple agencies, Authorizing Official (AO) representatives Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements Job Requirements

Bachelor’s Degree or equivalent experience IAWIP Certification: IAT I, IAT II, IAM I, IAM II. 2+ years’ experience in security engineering Must be a US Citizen with a DoD Secret, or higher, clearance determination. About Us Paragon is a Veteran Owned Small Business (VOSB) with offices near Scott AFB, Illinois and Vienna, Virginia, providing client-centric, enterprise governance management, cybersecurity services, and comprehensive information technology services management solutions to our clients. Our tagline is

“Innovation, Value, and Excellence.” Paragon consistently delivers value-added, client-centric, enterprise governance management, cybersecurity services, and comprehensive information technology services management solutions to our clients. Our team of dedicated professionals provide superior services and support to you while fostering a climate of trust, innovation, efficiency, and customer return on investment with integrity, commitment, and excellence in all that we do. To help us carry out this mission ,

our people are trained professionals who boost our customers’ knowledge and innovation using technology, teamwork, and education. We offer a comprehensive suite of benefits, which include medical, dental, and vision plans, Flexible Spending accounts, life insurance, short- and long-term disability, matching 401k, tuition reimbursement plans, and much more. Paragon is an Equal Opportunity Employer and does not discriminate in employment opportunities or practices on the basis of: race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability, veteran status, or any other characteristic protected by country, regional, or local law.

#J-18808-Ljbffr