PingWind is hiring a
Security Engineer

Summary

Exeter is seeking a Security Engineer (ISSM) to support the U.S. Army at Fort Knox, Kentucky. The position requires 10% travel and can be remote. Key responsibilities include overseeing security planning, development, implementation, monitoring, and incident response. Required qualifications are a minimum of 10 years relevant experience, a Bachelor's degree or professional certification, and a current DoD 8570.01-M Information Assurance Technical IAT Level II (IAT II) baseline certification. Additional requirements include U.S. citizenship with active DoD SECRET level security clearance.

Requirements

• Minimum 10 years relevant experience
• Has a Bachelor's degree/professional certification
• Meets the technical requirements relevant to the project roles, responsibilities, and technical system functionality and processes
• Bachelor’s degree in Information Technology, Computer Science, or related field
• Current DoD 8570.01-M Information Assurance Technical IAT Level II (IAT II) baseline certification, such as Security+ CE
• U.S. citizen with active DoD SECRET level security clearance

Responsibilities

• Provides oversight for the planning, development, and implementation of proven solutions to increase security and defend against hacking, malware and ransomware, insider threats, and other types of cybercrimes
• Oversees or coordinates where appropriate, the monitoring of applications and the network, identifies security issues, and works to anticipate security breaches
• Provides implementation oversight of the application's security IAW the organization's overall security programs and processes
• Provides oversight in assuring protection of the organization's data and infrastructure by coordinating with developers, leads, and government representatives in determining appropriate security controls
• Manages and provides information to leadership and the organization's central cybersecurity staff, regarding identified vulnerabilities, POA&M and Risk Acceptances
• Ensures coordination and accuracy of POA&Ms and Risk Acceptance documents, providing recommendations as appropriate
• Attend cybersecurity and application development meetings as appropriate
• Ensures applications are designed IAW STIG requirements, provides oversight to ensure manual STIG reviews are conducted, and ensures compliance with the organization's application security process
• Provide oversight and coordination during investigations and subsequent analysis of security breaches and cyber security incidents in coordination with the organization's Incident Response team, determining the source of any issues, and assessment of any damage
• Reviews and provides oversight of security documentation, such as SSPs, SOPs, BIAs, Threat Models, and Incident Response Plans. Coordinates and ensures participation of appropriate team members during ISCP Tabletop Exercises
• Coordinates and ensues the development of any required documentation, to include the subsequent AAR, in support of ISCPs to ensure successful completion
• Maintains oversight and provides recommendations for the development of required documentation to meet RMF and any additional requirements
• Attend cybersecurity-related meetings with SMEs, developers, supervisors, and organizational cybersecurity staff, as well as any other necessary meetings critical to the successful security posture of application(s)
• Keeps abreast of industry security trends and developments, as well as applicable government regulations

Preferred Qualifications

• Experience with supporting assessment of IT systems compliance with Federal IT Security standards (NIST 800-53, FISMA, etc.)
• Knowledge of security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
• Understanding of data handling privacy standards to include PII and PHI
• Familiarity with DISA application security related Security Technical Implementation Guides (STIGs)
• Veterans with prior Army/DoD Cybersecurity experience highly desired