What are the responsibilities and job description for the Senior Security Engineer position at ICONMA?
Job Description
Senior Security Engineer
Location: Arlington, VA/Hybrid
Duration: 12 months
Description:
Team’s main responsibility:
Enterprise Security Architecture & Innovation
Enterprise Security Architecture and Innovation works to ensure that enterprise-wide technologies are secure, by design, to protect and enable the business.
This team provides advisory services & standardized security architecture frameworks.
Additionally, the team modernizes the organization’s security posture through the introduction of innovative security solutions while enhancing existing security technologies to mitigate rapidly emerging threats.
Culture of your team
Diverse team located across the globe.
A few team members have been at client for many years and a few are new. Extremely proud of the supportive nature of our team especially for new joiners.
Typical work day look like for this contractor
Typical day would include analysis of technical documentation, architecture diagrams, and consulting project teams on security best practices and client requirements. Also, team members will assist with internal program development areas such as process improvement and automation.
Top 3 required technical skills
Security engineering (hands on experience working with firewalls, IAM solutions, log management, scanning)
Python scripting
TCP/IP – solid understanding of IP addressing, ports and protocols
Level of competency is required? (Foundational, Intermediate, or Advanced)
Intermediate
Couple of desired/nice to have skills
Experience working with YAML
Java programming
Soft skills would you like to see in a candidate
Strong writing skills – documenting assessment results is a big part of what we do for our internal customers
As Corporate Security, we are responsible for keeping client safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day.
By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.
Overview
The Enterprise Security Architecture and Innovation team is looking for a Senior Information Security Engineer to join our team to work closely with Network and Security Engineering, Cloud Security, and Enterprise Application teams to design, build and deliver technology solutions and drive alignment to client policies and standards.
This person will evaluate system and application architectures, data flow requirements, and research areas of risk as it relates to software and infrastructure implementations.
The role requires the ability to influence and collaborate across a diverse group of internal stakeholders, effectively managing multiple priorities, demands, and possess a deep understanding of networks and systems in both on-premises and cloud environments.
In this role, the Senior Security Engineer will:
Manage security assessment engagements that include the analysis of solution designs, data flow diagrams, software business cases, implementation plans, and network changes.
Provide security engineering support for client technology imperatives that include the build-out of new data centers.
Identify opportunities for automating assessment workflows and assist with the development of scripts.
Analyze new and existing technologies and provide recommendations for areas of security risk and alignment to client €™s policies and technical standards.
Collaborate with other corporate security teams to evaluate new technologies and defining security requirements.
All About You
The ideal candidate for this position should:
Be a self-starter who is able to prioritize and work independently
Have a passion to learn about new technologies, and progressively takes initiative to develop that expertise
Be able to demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications
Have a solid understanding of firewalls, networking, threat prevention and detection, and application security principles
Have hands-on experience evaluating data flows, firewall policies, and access control lists
Be able to support maintenance windows outside of regular business hours (once or twice per month)
Have hands-on experience developing scripts, working with structured data formats such as YAML and JSON, and code version control systems such as GIT or Bitbucket
Have working knowledge and application of industry standards for security controls, and hardening systems and software
Have effective communication and project management skills with the ability to manage multiple engagements with diverse technical teams
National Initiative for Cybersecurity Education (NICE) competency proficiency levels of limited in leadership, limited to developing in operational and professional, and developing to proficient in technical.
This client role shares KSAs with related NICE work roles
Corporate Security Responsibility
Every person working for, or on behalf of, client is responsible for information security. All activities involving access to client assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:
Abide by client security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with client guidelines.
