Information Security Engineer

Job#: 1367084

Job Description:

As an Information Security Engineer, you will work hands on to assess and harden the mission systems to meet DISA compliance.  You will work with the team to develop automated STIGing capabilities utilizing a combination of PowerShell, automated checklist scanning tools, and DevSecOps build pipelines enabling the organization to improve our overall security baseline while reducing the manual checks required.

Responsibilities:

• Perform automated and manual STIG scans.
• Develop and remediate POA&Ms.
• Provides technical Cybersecurity Services to internal and external customers in support of network and information security systems.
• Prepare documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework).
• Recommend system enhancements to improve security deficiencies.
• Secure system configurations and install security tools, scan systems in order to determine compliancy and report results and evaluates products and various aspects of system administration.
• Conduct security program audits and develop solutions to mitigate risks.
• Evaluate, develop and enhance security assessment capabilities.
• Provide assistance in computer incident investigations.
• Perform vulnerability assessments including development of risk mitigation strategies.
• Audit computing and network devices

Requirements:

• An Associates degree and three year’s relevant experience.
• Proficient with Tenable Security Center (SC) and NESSUS; scanning and data analysis.
• Proficient with Trellix ePO server and end products; deployment, configuration, troubleshooting and data analysis.
• Proficient with STIGing tools; SCAP Compliance Checker, STIG Viewer, and Vulnerator.
• Experience with STIGing multiple technologies (i.e., Windows, AD, VMware, RHEL, CISCO, DNS, Palo Alto).
• Secret security clearance.
• IAT level II baseline certification.
• Computing Environment (CE) certification.

Desired Skills:

• Bachelor’s degree or five years’ relevant experience.
• Proficient with using eMASS for managing enclave RMF records.
• Proficient with Powershell or other scripting languages. 
• Experience with Amazon Web Services (AWS) architectures and security.
• Experience with DEVSECOPS.
• Experience with securing Kubernetes, Docker, and containers.
• Experience with Fortify Source Code Analysis and application security.
• Experience with disaster recovery planning, testing, and exercising.
• Experience with incident response planning, testing, and exercising.
• Top Secret security clearance with SCI eligibility.
• IAT Level III baseline certification.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.