News Article

Vacancy: Security Engineer

Dec 21, 2020

Overview

OmniSystems has an exciting opportunity for a Security Engineer in Frederick, MD. The Security Engineer acts as a lead consultant, interfacing between the customer and IT security team. The ideal candidate is detail-oriented with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for planning, developing, finalizing, and reviewing key deliverables for the customer and other stakeholders. As a result, a strong understanding of standards and requirements outlined by FISMA, NIST, OMB and other federal guidelines is required. The Security Engineer will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), and working with the consulting team to develop and manage security documentation throughout the system lifecycle in support of FISMA requirements. This includes, but is not limited to: system security plans, system boundary documents, contingency plans, disaster recovery plans, incident response plans, security impact analyses, POA&Ms, vulnerability assessment reports, and any other necessary documents to support a system’s authority to operate (ATO).

LOCATION: Frederick, MD

JOB STATUS: Full time

SECURITY CLEARANCE: The ability to obtain a Dept. of Education 6C Security Clearance

EDUCATION: BA/BS degree in information systems, computer science, or 6 years' experience

CERTIFICATIONS: The ideal candidate will have one or more of the following certifications: CISSP, CISM, CEH, CISA, CompTIA Sec+, CAP

OTHER QUALIFICATIONS/SKILLS:

  • Working face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast-paced environment.
  • Understanding of Cloud platforms (PaaS, SaaS, IaaS) and protections as described in FedRAMP.
    • Familiarity with AWS and Azure platforms preferred
  • Assess/audit systems to analyze risk and report on identified weaknesses.
  • Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.
  • Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.
  • Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies -- behavioral-based a plus).
  • Knowledge of LAN/WAN design and general networking technologies.
  • Knowledge of Windows operating systems.
  • Familiarity with security tool sets:
    • Host/Network vulnerability scanners (Nessus, Qualys)
    • Web App scanning (Qualys WAS, Web Inspect)
    • Static Code Analysis (HP Fortify SCA)
  • Configuration standards (CIS Benchmarks, DISA STIGs)

RESPONSIBILITIES:

  • Responsible for the development of security artifacts and/or standards and policies across multiple IT platforms
  • Possesses an understanding of capabilities associated with security monitoring products across all IT platforms.
  • Ensures that all policies reflect current standards in place including FISMA and other industry standards.
  • Monitors compliance and conducts periodic reviews of policies.