Washington, D.C.

Information Security Engineer (Imperva SecureSphere)

Job Specs

Cyber Defense

Job Description:

XOR Security is currently seeking talented Information Security Engineer specializing in Imperva SecureSphere for an exciting position supporting one of our federal clients. Our project is aimed at establishing cutting-edge techniques for network defense, identifying threats and detecting malicious activity using advanced toolsets.

The ideal candidate will have hands-on experience with Data Security technology (Imperva SecureSphere -  experience in  IBM Security Guardium is a +) to centralize and manage database audit and protection.  In addition, the candidate should have an in-depth understanding of networks and be able to perform the installation, configuration, tuning, and administration of Web Application Firewalls and data security systems.  

This effort will require a skilled engineer with experience performing analysis of network security solutions, including identifying gaps, recommending and implementing configuration changes to the WAF policies.  The candidate will also ensure existing network infrastructure and configuration standards are adhered to when delivering projects.  The candidate should be able to coordinate engineering and analysis efforts between network, incident response, and management teams. The candidate must have a strong understanding of networking, analysis and system administration.  Additionally, the candidate should be comfortable interacting with all levels of a security team. 


Washington D.C., USA 

Skills and Qualifications:

Required Qualifications:

  • Hands-on experience with deployment and administration of Data Security technology (Imperva SecureSphere). 
  • A minimum of eight (8) years of relevant work experience in the area of information/cyber security engineering or security operations, including hands-on experience with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools.
  • Two (2) or more years of experience in the design and implementation of enterprise-wide security controls to secure systems, applications, network, or infrastructure services.
  • Specialization in at least one of the following fields with four (4) or more years of experience:
    • Building and administering security devices such as network firewall, WAF, web proxy, data loss prevention systems, and intrusion prevention systems.
    • Building and administering Windows Server and Active Directory
    • Building and administering Linux/UNIX based systems
    • Building and administering Network devices (e.g., Cisco, Juniper)
    • Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities.
    • Conducting database security assessment and monitoring.
    • Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging.
    • Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit
  • Expertise in securing enterprise web applications and familiarity with OWASP Top 10.
  • Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump.
  • Experience with public cloud services

Desired Qualifications:

  • Understanding of command line scripting and implementation. (e.g., Python, Powershell)
  • Understanding of scripting and content creation. (e.g., Splunk dashboards, SNORT signatures, Python scripts, Powershell scripts.)
  • Strong understanding of networking. (TCP Flags, TCP Handshake, IP addressing, Firewalls, Proxy, IDS, IPS)
  • Ability to perform Netflow / packet capture (PCAP) analysis.
  • Experience with cyber threat hunting.
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems or equivalent experience.

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from the first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP and PUBLIC TRUST CLEARANCE REQUIRED.