Information Security Engineer

Summary

The job is for a Mid-Level Information Security Engineer at Tria Federal who will review system configurations to ensure compliance with security standards and organizational policy, particularly M-21-31 and Executive Order 14028. The candidate should have a strong background in cybersecurity engineering and excellent communication skills.

Requirements

• Strong understanding of cybersecurity concepts, especially how those are related to effective implementation of M-21-31 and E.O. 14028
• Demonstrated proficiency in using cyber tools and technologies
• Exceptional written and verbal communication
• Ability to work independently and within given timelines
• Professional Certifications: Security+
• Education: Bachelor’s Degree
• Clearance: Ability to obtain and maintain Top Secret with SCI Clearance
• Years of Professional Experience: 3-5 Years of Cybersecurity experience
• Required Technical / Business Toolset Experience: Strong working knowledge of Security Information and Event Management (SIEM) toolsets, i.e. MS Sentinel

Responsibilities

• Conduct thorough reviews of customer toolset configurations to ensure compliance with security standards and customer organizational policies
• Conduct in-depth enterprise configuration and logging reviews to ensure compliance with OMB M-21-31
• Recommend solutions in alignment with customer cybersecurity standards
• Develop and maintain customer enterprise logging baselines to compliment monitoring and security capabilities
• Proactively identify potential security risks and vulnerabilities, prioritize, and work with stakeholders to establish mitigation strategies
• Develop and help enforce information security policies, standards, and procedures
• Work closely with government stakeholders to understand security requirements, interpret directives, and ensure projects meet contractual compliance obligations

Preferred Qualifications

• BS in Computer Science, Information Technology, or related field
• CISSP, Security+, CGRC (formerly CAP), CISM, CISA, SSCP
• Strong understanding of security risk assessment methodologies and reporting frameworks