Washington, D.C.

Baseline Information Security Engineer (Windows or Cisco)

Job Specs

Code:
4758388002
Department:
Cyber Defense
Date:
20-06-09
Offices:

Job Description:

XOR Security is currently seeking a talented Baseline Information Security Engineer for an exciting position supporting one of our federal clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets.

The candidate should have an in-depth understanding of networks and be able to perform the installation, configuration, tuning, and administration of Windows and Cisco devices.

This effort will require a technically, skilled engineer with experience performing analysis of network security solutions, including identifying gaps, recommending and implementing configuration changes to Windows and Cisco environments.  The candidate will also ensure existing network infrastructure and configuration standards are adhered to when delivering projects.  The candidate should be able to coordinate engineering and analysis efforts between network, incident response and management teams. The candidate must have a strong understanding of networking, analysis and system administration.  Additionally, the candidate should be comfortable interacting with all levels of a security team. 

Location:

Washington D.C., USA 

Skills and Qualifications:

Required Qualifications:

  • Hands-on experience with security engineering and information assurance functions for a Windows or Cisco environment. 
  • A minimum of eight (8) years of relevant work experience in the area of information/cyber security engineering or security operations, including hands-on experience with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools.
  • Two (2) or more years of experience in the design and implementation of enterprise-wide security controls to secure systems, applications, network, or infrastructure services.
  • Specialization in at least one of the following fields with four (4) or more years of experience:
    • Building and administering security devices such as network firewall, web proxy, data loss prevention systems, and intrusion prevention systems.
    • Building and administering Windows Server and Active Directory
    • Building and administering Linux/UNIX based systems
    • Building and administering Network devices (e.g., Cisco, Juniper)
    • Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
    • Conducting database security assessment and monitoring.
    • Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
    • Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10.
  • Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump.
  • Experience with public cloud services

Desired Qualifications:

  • Performing the security engineering and information assurance functions of Windows AD or Cisco environments for a federal agency.
  • Experience advising on security baselines and configuration management functions for a federal agency.
  • Familiarity with NIST 800-53 controls as they apply to Windows and Cisco environments. 
  • Understanding of command line scripting and implementation. (e.g., Python, Powershell)
  • Understanding of scripting and content creation. (e.g., Splunk dashboards, SNORT signatures, Python scripts, Powershell scripts.)
  • Strong understanding of networking. (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
  • Ability to perform Netflow / packet capture (PCAP) analysis.
  • Experience with cyber threat hunting.
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.