ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Senior Security Engineer who have experience building security configuration guidelines for various technologies within the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
Work under limited supervision and participates in the design, engineering, integration, implementation, testing, deployment, maintenance, review, and administration of the infrastructure, hardware, and software that are required to effectively manage the security and risk posture of the network and resources. Assist with developing system concepts and apply the systems engineering life cycle to translate strategic Cyber objectives, technology, and environmental conditions into engineering outcomes and solutions. Assist with selecting and applying processes and methodologies to meet Cyber performance objectives. Assist with analyzing trends and emerging technologies for potential program modernization. Configure cyber systems to meet user requirements. Support the acquisition of hardware and software, as needed.
- Specialization in at least one of the following fields with four (4) or more years of experience.
- Building and administering security devices such as network firewall, web proxy, data loss prevention systems, and intrusion prevention systems
- Building and administering Windows Server and Active Directory
- Building and administering Linux/UNIX based systems
- Building and administering Network devices (e.g., Cisco, Juniper)
- Conducting dynamic web application security testing, both manual testing and utilizing application security tools to discover exploitable vulnerabilities
- Conducting database security assessment and monitoring
- Managing cloud security operations, including identity & access control, secure configuration management, network security, enforcement policy scripting, workload security, data security, and logging
- Public Key Infrastructure (PKI) management and data encryption for data-at-rest and data-in-transit
- Expertise in securing enterprise web applications and familiarity with OWASP Top 10
- Demonstrated understanding of TCP/IP networking concepts and DNS, including hands-on experience in using packet analysis tools such as Wireshark or tcpdump
- Experience with public cloud services providers such as Amazon AWS or Microsoft Azure
- Strong familiarity with Federal compliance standards such as NIST 800-53, FIPS, FedRAMP
- BA or BS degree in Information Security, Computer Engineering, Information Systems, Telecommunications, or Technology
Years of Experience Requirement
- A minimum of eight (8) years of relevant work experience in the area of information/cyber security engineering or security operations, including hands-on experience with security tools and devices such as network firewalls, web proxy, intrusion prevention system, vulnerability scanner, and penetration testing tools
- Two (2) or more years of experience in the design and implementation of enterprise-wide security controls to secure systems, applications, network, or infrastructure services
- Maintain at least one current professional certification. Acceptable certifications include: Any SANS GIAC Security certifications (Administration, Software, Forensics, or GSE Expert), ISC2 CISSP, or any security systems vendor administration-level certifications. Other certifications may be acceptable as approved by the COR
- Washington, DC
- Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information