At ShorePoint, we recognize that what we do for our customers is critical, complex and often intense. Our team-oriented culture promotes creativity and collaboration in a fun and relaxed work environment.

ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers.

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an experienced Program Manager who will support the growth of the company by leading a team (or teams) to effectively manage customer requirements, oversee quality service delivery, and manage personnel supporting the project(s). This is a unique opportunity to join an exciting company where you will have a voice and be an active participant in driving growth and shaping our companies culture.

 

Roles and Responsibilities

Engage with ShorePoint customers to manage programs or projects in a manner that exceeds mission requirements. This involves management of resources (including development and tracking of individual training plans); ensuring quality service delivery, providing advisory support to customers, stakeholder management; identification of organic growth opportunities; and supporting corporate business development initiatives (including proposal support). Projects may involve a mix of billable, hands-on engagement combined with providing management oversignt to subcontract opportunities.

Required Skills

  • At least 5 years experience managing cybersecurity projects or programs to produce successful outcomes
  • Experience delivering high quality services in support of customer mission requirements
  • Experience managing resources to include employee development and training plans
  • Demonstrated experience developing project plans, creating and managing project schedules, and producing quality deliverables
  • Possess critical thinking and problem solving skills
  • Excellent written and verbal communication skills
  • Demonstrated stakeholder management experience
  • Ability to create a positive working environment by balancing client expectations with the work-life balance of our team

Preferred Skills 

  • Technical background providing cybersecurity professional services
  • Ability to provide advisory support to senior level cybersecurity personnel

 

Education Requirement

  • Bachelors degree in technical field

Certification Requirement

  • PMP required
  • Additional cybersecurity related certifications preferred

Location

  • Herndon/Reston, VA and Remote

Security Clearance

  • Ability to obtain agency level clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Cloud Engineer (Customer Facing) who have experience desiging and implementing cybersecurity services in a cloud environment within the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market. This position is a key contributor to a dynamic, agile team and part of a larger development effort for a multi-year, well-funded government cybersecurity program.

 

Roles and Responsibilities 

  • Able to create and deliver presentations and demonstrations to both technical and non-technical audiences
  • Be familiar with Agile/Scrum methodologies and best practices in order to engage with leadership and government clientele on project development
  • Have extensive experience with monitoring tools such as Elasticsearch, Splunk, CloudWatch, etc. in order to engage with project monitoring and incident response activities
  • Working with a multi-tenant platform and working with tenants to understand requirements
  • Has a thorough understanding of data transit between APIs (data ingest, indice frameworks), data normalization and cleansing concepts, and the networking and software implications
  • Experience in ephemeral software concepts and tooling, including but not limited to: docker, ECS/EKS, and Fargate
  • Be able to naviate an AWS cloud environment and utilize the different offerings.
  • Be able to leverage Infrastructure as Code (IaC) tools such as CloudFormation, Terraform,  etc. to structurally automate build requisite infrastructure
  • Be familiar with configuration management tools such as Ansible, Chef, ect.
  • Be familiar with version control systems such as Gitlab, Github and Bitbucket.
  • Leverage scripting languages such as Bash, Python, JavaScript, PowerShell, JSON, YAML, etc. to interface a variety of tooling together into a comprehensive package wherever applicable
  • Be able to leverage Docker toolset to design, implement and deliver containerized services, troubleshoot failure modes and resolve system/architectural issues
  • Have familiarity with implementing STiGs and other security requirement guides to harden both Windows and Linux operating systems
  • Be able to create and maintain custom Amazon AMIs that incorporate DoD STIG requirements
  • Integrate multiple software products across cloud and hybrid environments
  • Closely coordinate and communicate with team as well as sponsors for effort
  • Ability to brief and engage directly with sponsors and their supporting staff regarding technical support work and architecture design of cloud environments

 

Required Skills 

  • Experience with information security/information assurance policies, principles, and practices (NIST Special Publications: Risk, Security, and Privacy as a basis) in cloud environments including network firewalls, access control lists, encryption, auditing and monitoring, and compliance scanning
  • Familiarity with FedRAMP, the MITRE ATT&CK framework and other security frameworks is beneficial

Education Requirement 

  • Bachelor’s degree in Computer Science, Information Systems Management, or similar preferred

 

Years of Experience Requirement

  • 5 years of experience in AWS, supporting cloud native and linux-based applications and environments
  • 5 years of cloud-native networking, with a focus on high availability, scalability, and elasticity
  • 7 years of management and administration in enterprise cloud and hybrid environments

 

Location 

  • Fairfax, VA (remote available)

 

Security Clearance 

  • Must be a U.S. Citizen and have an ability to obtain and maintain a clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an IV&VSecurity Baseline Assessor who has experience with system/application security configuration baselines (defining, establishing, reviewing tool reports to validate a systems compliance with the required security baselines, etc.). Also, this Assessor will support the IV&V Assessment Team, as needed, to conduct IV&V reviews of systems (On-premises and cloud). This is a unique opportunity to shape the growth, development, and culture of an exciting and emerging company in the cybersecurity market

 

 

Roles and Responsibilities

Conducts independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).

 

Required Skills

  • Experience with creating, reviewing, and customizing general security configuration baselines including DoD STIGs, and CIS Benchmarks.
  • Extensive experience conducting cloud security control assessments using FEDRAMP, including preparation of complete authorization packages Experience as a member of a certified FedRAMP Third-party Assessment Organization (3PAO) desired.
  • Experience working with the NIST 800 Special Publication series guidance related to risk management and security control implementation, including 800-30,800-37, 800-53, 800-60, 800-63, 800-115, or 800-137.
  • Technical skills in performing security reviews, identifying gaps in security architectures, and developing a security risk management plan.
  • Expertise in technical security assessment techniques, tools, and practices.
  • Experience conducting Risk Assessments to include performing a risk analysis of identified vulnerabilities and developing Risk Assessment Reports to quantify the risk-level (e.g., threat, vulnerability, and probability of occurrence).
  • Experience in reviewing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Experience in developing security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
  • Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice.
  • Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.

Desired Skills

  • Developing knowledge in the following areas: network and host-based firewalls, intrusion detection/prevention systems, data loss prevention, vulnerability scanning, anti-malware and spam protection, secure data transmission technologies, and network monitoring/protection solutions.
  • Understanding and proficiency in network security architecture concepts including topology, protocols, components, and principles.
  • Knowledge of modern software development and deployment practices including unit testing, continuous integration, and continuous deployment.
  • Ability to translate identified vulnerabilities into quantifiable risk.
  • Ability to effectively interact with various levels of senior management is necessary.
  • Experience with using/modifying Tenable.sc .audit files and/or McAfee Policy Auditor.

 

Education Requirement

  • BA/BS in Computer Science, Engineering, or related technical IT field

 

Years of Experience

  • Four (4) to six (6) years of relevant cyber-security experience
  • System Engineering experience is desired

 

Certification Requirement

  • Required – ISC2 Certified Information Systems Security Professional (CISSP)
  • Desired – Microsoft Certified System Engineer (MSCE)

 

Location

  • Arlington, VA

 

Security Clearance

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Data Engineer who will support a priority security data integration effort that directly improves the cyber resilience of our Nation’s critical infrastructure. This is a unique opportunity to join a rapidly growing company and contribute to the development of robust and innovative cybersecurity solutions.

 

Roles and Responsibilities

The Data Engineer is responsible for expanding and optimizing data and data architecture, as well as optimizing data flow and collection for cross-functional teams. Additional position activities include supporting software developers, database architects, data analysts and other program teammates to achieve data initiatives and ensure optimal data delivery architecture is consistent throughout ongoing projects. The ideal candidate is an experienced data pipeline builder and data wrangler who enjoys optimizing data systems and building them from the ground up. The Data Engineer will distill use cases and requirements from a broad collection of stakeholders into functional, integrated, data-driven solutions that generate actionable insights for a range of operations personnel.

 

Required Skills

  • Extensive experience as a data engineer or comparable discipline in a government environment
  • Experience with building infrastructure required for extraction, transformation, and loading of data from a wide variety of data sources
  • Advanced applied knowledge and experience working with relational databases, query authoring, as well as working familiarity with a variety of databases
  • Experience building and optimizing data pipelines, architectures and data sets
  • Administers Security Data Integration Platform
  • Conducts parsing/normalization of all data feeds
  • Documents and automates parsing of tools/versions within inventory catalog
  • Investigates/correlates new data feeds for inventory and data source updates
  • Provides site-specific data platform technical reach-back and guidance for site administrators
  • Experience with Agile management and associated tools
  • Self-starting and able to drive projects to completion in a fast moving environment
  • Solid communications skills, both written and verbal
  • Able to create, discuss and explain technical documentation
  • Ability to function effectively as part of a high performance team

Desired Skills 

  • Experience troubleshooting issues related to data connections and/or data sources
  • Familiar with NISTIR 8112
  • Multi-cloud (AWS, Azure, Google, and/or other SaaS providers) and on-premise data integration experience
  • Experience with one or more queuing technologies

Education Requirement

  • Bachelor’s Degree in a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience

 

Years of Experience Requirement 

  • Minimum of 5+ years of experience sourcing, connecting, and assembling large, complex data sets

 

Location 

  • Herndon/Reston, VA  (Remote)

 

Security Clearance 

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Network Engineer to support a Zero Trust Architecture initiative for a federal customer who has experience planning, implementing, and operating network services/systems, to include hardware and virtual environments in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities 

  • Plans, implements, and operates network services/systems, to include hardware and virtual environments.
  • Supports network integration and implementation of SASE solution
  • Supports migration of current information systems into SASE environment
  • Review existing network infrastructure and coordinate with other stakeholders and contractors to perform a network assessment to include but not limited to reviewing existing circuits, connection types, bandwidth, types of traffic, routing protocols, and more.
  • Develop a roadmap for SASE Branch Office Use Case implementation and make recommendations on how the Government should implement and migrate to the solution.
  • Support the Department migration from Multiprotocol Label Switching (MPLS) to a SASE Branch Office architecture
  • Coordinate with other Government PMO’s and respective contractors to ensure a successful migration from MPLS to a SASE Branch Office architecture
  • Develop and implement network backup and recovery procedures.
  • Integrate new systems into existing network architecture.
  • Monitor network capacity and performance.
  • Patch network vulnerabilities to ensure that information is safeguarded against outside parties.

 

Required Skills 

  • Expert knowledge of routing, TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • Expert knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • Working knowledge of leading SASE solutions including Palo Alto Prisma Access
  • Working knowledge of the UNIX, Linux and Windows Operating System’s and familiarity with a variety of subsidiary support systems.
  • Working knowledge of Active Directory, Office 365, Azure and AWS cloud services.
  • Working knowledge of virtualization technologies including VMWare ESX and RedHat OS
  • Experience with monitoring, data backups and recovery techniques, system utilization, and recovery testing.
  • Experience creating and maintaining network and system diagrams.
  • Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • Must have the ability and desire to solve problems and work in a highly technical environment.
  • Must be detailed oriented and possess good technical writing skills.
  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met
  • Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice
  • Must be able to multi-task, work independently and as part of a team, share workloads,and deal with sudden shifts in project priorities

Desired Skills 

  • Experience with design, implementation or maintenance of a Zero Trust architecture in a Federated enterprise environment
  • Experience operating and maintaining SD-WAN and/or NFV technologies

Education Requirement 

  • BA/BS in Computer Science, Engineering or related technical IT field

 

Years of Experience Requirement 

  • At least 5 years of directly related work experience

 

Certification Requirement 

  • Relevant industry certification preferred

 

Location 

  • Washington, D.C  (Remote available)

 

Security Clearance 

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an Endpoint Engineer to support a Zero Trust Architecture initiative for a federal customer who has experience planning, implementing, and operating network services/systems, to include hardware and virtual environments in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

Roles and Responsibilities

  • Plans, implements, and operates endpoint solutions across an enterprise network
  • Directly contributes to endpoint security capability roadmap
  • Tests endpoint solution against numerous standard operating environments for integration and configuration issues
  • Responsible for evaluating capabilities of endpoint technology for implementation in production in accordance with policy and regulatory requirements
  • Supports working groups for zero trust implementation and ZT roadmap maturity requirements as needed
  • Will work closely with automation team to recommend capabilities for automation with SOAR technology
  • Attends technical engagement with auditors, regulators, and third party stakeholders when required
  • Patch vulnerabilities to ensure that information is safeguarded against outside parties.

 

Required Skills 

  • Experience with various endpoint technologies including Microsoft Defender, Crowdstrike, CarbonBlack, etc.
  • Understanding of security benchmarking (CIS) and how to apply those settings in an enterprise environment
  • Experience integrating multi-vendor solutions using open standard protocols and API’s
  • Experience evaluating logging requirements and making appropriate configuration settings based on organizational policy and guidance
  • Familiarity with SIEM technologies
  • Familiarity with SOAR capabilities and candidate capabilities for automation
  • Must have the ability and desire to solve problems and work in a highly technical environment.
  • Must be detailed oriented and possess good technical writing skills.
  • Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met
  • Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice
  • Must be able to multi-task, work independently and as part of a team, share workloads,and deal with sudden shifts in project priorities

Desired Skills 

  • Experience with design, implementation, configuration, and maintenance of Microsoft Defender

Education Requirement 

  • BA/BS in Computer Science, Engineering or related technical IT field

 

Years of Experience Requirement

  • At least 5 years of directly related work experience

 

Certification Requirement 

  • Relevant industry certification preferred

 

Location 

  • Washington, D.C (Remote available)

 

Security Clearance 

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an Automation Engineer who has experience with developing Security Orchestration and Automation (SOAR) use cases and integrations in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities 

  • Work with clients to understand their security operations objectives and identify where security automation could create significant efficiencies or enable their analysts to be more effective.
  • Design, document, and implement use cases in SOAR platforms.
  • Develop prototypes and elicit client feedback.
  • Design, configure and assist with deployment of SOAR platforms and integrations with third party security technologies such as firewalls, CASB, EDR, etc.
  • Providing expert knowledge for the development of Zero Trust application architecture designs to optimize mission effectiveness across all aspects of cybersecurity
  • Provide review and support for application integration activities
  • Review or help create test plans to validate the integration of software functionality
  • Contribute to development of documentation
  • Interpret and implement functional requirements associated with zero trust architectures and applications
  • Provides support to operations teams when capabilities are deployed into production

 

Required Skills 

  • Experience developing requirements for enterprise cybersecurity architectures from Federal Government customers with a focus on Zero Trust.
  • Experience implementing solutions to challenging problems with Python or JavaScript.
  • Other scripting languages (Bash, PowerShell, etc.)
  • Experience with common authentication (e.g., OAuth, Okta, SSO, LDAP) technologies.
  • Experience implementing and using solutions with REST interfaces.
  • Experience with Linux and Windows system administration experience.
  • Understanding of fundamental computing technologies such as the TCP/IP stack, networking, processes, threads, etc. Ability to troubleshoot IT issues.
  • Experience with SOAR platform experience (XSOAR, ServiceNow).
  • Experience deriving requirements and use cases from cybersecurity analysts and stakeholders.
  • Experience prototyping solutions, eliciting feedback, and prioritizing modifications with end users.
  • Experience designing and implementing enterprise cybersecurity capabilities .
  • Experience working in Security Operations, Incident Response, or Penetration Testing.
  • Experience using and configuring various security technologies, such as EDR, SIEM, Firewalls.
  • Logging flow and search technologies (Splunk, Elastic Stack, etc.).
  • Experience working with Cloud Technologies (AWS, Azure, etc.) and strategies for security cloud infrastructure and applications.
  • Ability to integrate cybersecurity engineering principles into infrastructure planning, design, and deployment
  • Ability to meet schedule, performance, and quality within the systems development life cycle (SDLC)
  • Understanding of technical, operational, and management issues related to design, development, and deployment of complex and distributed systems
  • Experience with JIRA and Agile development practices

Education Requirement 

  • BS in Computer Science or related field

Years of Experience Requirement 

  • Minimum 4-5 years of experience

Location 

  • Washington, D.C (Remote available)

Security Clearance

  • Must be able to obtain a U.S Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Customer Experience Strategist who will support the growth of a newly awarded program and the company. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

 

Roles and Responsibilities 

  • Supports stakeholder engagement to ensure a customer experience perspective. Ensures quality in deliverables and programmatic outputs based on customer defined success criteria
  • Creatively gather and package compelling customer feedback, research, and other data to develop insights to support leadership decision-making
  • Bring together the right people and supporting culture to develop strategies for improving CX, and plan for achieving measurable outcomes
  • Drive opportunities and projects through to completion creatively within a bureaucracy, while maintaining respect for colleagues and tactfully building coalitions of support

 

Required Skills 

  • Excellent leadership, relationship management, flexibility and communication skills
  • Experience developing CX strategy and initiatives, ability to show progress and outcome measurements via feedback and performance measures
  • Experience using information collected to drive decision making and support continuous improvement
  • Excellent skills in planning for a portfolio of engagements, cross-group collaboration, resource orchestration, communications, analytical capabilities, and attention to detail required
  • Strong presentation skills with a high degree of comfort with both large and small audiences and various levels of management

Education Requirement 

  • BS in Computer Science or related field

Years of Experience Requirement 

  • Minimum 5 years of experience

Location 

  • Washington, D.C (Remote available)

Security Clearance

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an Application Integration Engineer who has experience with developing and connecting software within cybersecurity architectures in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

  • Reviews proposed new systems, networks, and software designs for government enterprise to integrate development, security, and operations in their development process.
  • Design, develop, assist with implementing and/or integrating cybersecurity systems and system components including those for networking, computing, and software environments for systems with differing data protection requirements
  • Providing expert knowledge for the development of Zero Trust application architecture designs to optimize mission effectiveness across all aspects of cybersecurity
  • Provide review and support for application integration activities
  • Review or help create test plans to validate the integration of software functionality
  • Contribute to development of documentation
  • Interpret and implement functional requirements associated with zero trust architectures and applications
  • Provides support to operations teams when capabilities are deployed into production

 

Required Skills 

  • Overall strong background in systems engineering, security engineering, architecting, enterprise integration, and interoperability in a complex systems environment
  • Experience developing requirements for enterprise cybersecurity architectures from Federal Government customers with a focus on Zero Trust
  • Experience designing and implementing enterprise cybersecurity capability capabilities
  • Ability to integrate cybersecurity engineering principles into infrastructure planning, design, and deployment
  • Ability to meet schedule, performance, and quality within the systems development life cycle (SDLC)
  • Understanding of technical, operational, and management issues related to design, development, and deployment of complex and distributed systems
  • Knowledge of connecting to and implementing on Cloud Resources
  • Experience with JIRA and Agile development practices
  • Experience modeling data, message, and service interoperability
  • Understanding of interrelationships between critical infrastructure protection and cybersecurity
  • Developing API integrations with multiple big data sources
  • Developing, deploying, and implementing backend database of normalized findings
  • Demonstrable experience with secure coding practices and development processes
  • Experience with containerization technologies
  • Ability to integrate application workloads with appropriate authentication and authorization standards (e.g. SAML, OIDC, OAuth) and centralized identity providers to ensure near-real-time access decisions

Education Requirement

  • BS in Computer Science or related field

Years of Experience Requirement

  • Minimum 5 years of experience

Location 

  • Washington, D.C (Remote available)

Security Clearance 

  • Ability to obtain a U.S Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Testing Specialist who will support the growth of of a newly awarded program and the company. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

 

Roles and Responsibilities

The ZTA Testing Analyst will be responsible for supporting the engineering team and leading the development of system test plans and other test and evaluation (T&E) documents, as well as developing and conduction User Acceptance Testing of ZTA capabilities.  The individual will assist the engineering team in the long-term sustainment to enable successful deployments.  The individual will also support stakeholders throughout the organization on user acceptance testing of ZTA capabilities including SASE and SOAR.

 

Required Skills 

  • Experience analyzing system requirements, concept of operations, documents, acquisition plans and system descriptions to develop T&E plans and procedures
  • Experience designing test plans in support of user requirements for complex applications with other test organizations to support T&E program integration
  • Experience managing system functionality, conducting regression testing, configuration management and develop a long-term operations & maintenance plans
  • Excellent written and verbal communication skills to include the development of documentation (e.g., test plan, test cases, test reports)
  • Experience with Azure test platforms
  • Azure testing experience

Education Requirement

  • A Bachelor’s degree in computer science, information systems, business, engineering or related scientific or technical discipline, to include policy coursework or degree.

Years of Experience Requirement 

  • This position requires a minimum of two (2) years identity management-related experience.

Location 

  • Washington, D.C  (Remote available)

Security Clearance 

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Information Assurance Analyst who has experience working with both Agile and Waterfall System Development Lifecycles (SDLC’s) and integrating RMF process into a Federal Information System. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

Responsible for supporting ISSO’s and System Owners supporting Zero Trust capability implementations with the following:

 

  • Developing and maintaining System Security Plans (SSP).
  • Implementing and managing NIST 800-53 Rev. 5 or later Security Controls.
  • Developing and adding security controls for ZT capabilities to Common Control catalog
  • Supporting the SA&A process.
  • Supporting Continuous Monitoring activities.
  • Managing POA&Ms and developing remediation strategies.
  • Aligning systems activities to the NIST Cyber Security Framework (CSF).
  • Supporting the incident response process.
  • Identifying and supporting system Interconnection Security requirements.
  • Supporting audit logging review and remediation activities.
  • Providing OMB FISMA data.
  • Developing and documenting incident reporting procedures for service desk, admins, and security staff for incidents.

 

Required Skills 

Must have a good understanding of SDLC and RMF Process including:

 

  • Experience advising government program managers on security testing methodologies and processes
  • Experience performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response
  • Experience evaluating certification documentation and providing written recommendations for accreditation to government PMs
  • Experience reviewing system security to accommodate changes to policy or technology
  • Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed
  • Experience advising the government concerning the impact levels for Confidentiality,
  • Integrity, and Availability for the information on a system
  • Experience conducting certification tests that include verification that the features and assurances required for each protection level are in place
  • Experience with conducting and coordinating IS security inspections, tests, and reviews
  • Experience assessing changes in the system, its environment, and operational needs that could affect the accreditation
  • Experience preparing the final SAR containing the results and findings from the assessment
  • Experience with Initiating a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
  • Experience performing risk assessments and making recommendations to customers

Certification Requirement

  • At least one security certification from the following issuing bodies: (ISC)², Comp TIA, ISACA, GIAC, CISCO, EC- Council, IAPP, or equivalent.

Education Requirement

  • Preferred Education : Bachelors of Science degree preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience

Years of Experience Requirement

  • Minimum of 3 years of experience

Location

  • Washington, D.C (Remote available)

Security Clearance

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Testing Specialist who will support the growth of of a newly awarded program and the company. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

 

Roles and Responsibilities

The Testing Specialist will be responsible for supporting the engineering team and leading the development of system test plans and other test and evaluation (T&E) documents, as well as developing and conduction User Acceptance Testing. The individual will assist the engineering team in the long-term sustainment to enable successful deployments.

 

Required Skills

  • Experience analyzing system requirements, concept of operations, documents, acquisition plans and system descriptions to develop T&E plans and procedures
  • Experience designing test plans in support of user requirements for complex applications with other test organizations to support T&E program integration
  • Experience managing system functionality, conducting regression testing, configuration management and develop a long-term operations & maintenance plans
  • Excellent written and verbal communication skills to include the development of documentation (e.g., test plan, test cases, test reports)
  • Experience with Azure test platforms
  • Azure testing experience

Education Requirement 

  • A Bachelor’s degree in computer science, information systems, business, engineering or related scientific or technical discipline, to include policy coursework or degree.

Years of Experience Requirement 

  • This position requires a minimum of two (2) years identity management-related experience.

Location 

  • Herndon/Reston, VA (Remote)

Security Clearance 

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Operations Center (SOC) Analyst to work in a 24x7x365 SOC. This team will provide initial levels of incident identification, analysis, and triage. They will also provide baseline health reporting of the core SOC toolset, including availability of security log and data sources and integration of threat intelligence feeds. Proactive threat hunting will be a regular duty of the team. The team will mitigate incidents directly where possible, escalating incidents as needed to the Incident Response and Management Team. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities 

  • Perform Computer Security Incident Response activities for a large global enterprise, coordinate with other enterprise IT teams to record and report incidents
  • Work incidents from initial assignment to final resolution
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analysis of security tools
  • Author SOPs as needed or directed
  • Fully document assigned tickets to show all work performed
  • Create, track, and work to resolution Normal and Standard job-related Change Requests
  • Correlate network activity across networks to identify trends of unauthorized use
  • Reviews alerts and data from sensors and documents formal, technical incident reports
  • Track, update and close tickets expeditiously
  • Researches emerging threats and vulnerabilities to aid in the identification of network incidents
  • Analyzes data from threat and vulnerability feeds and analyzes data
  • Identifies and resolves false positive findings in assessment results
  • Makes real-time decisions about incidents as they occur

 

 

Required Skills 

  • Strong analytical and technical skills in computer network defense operations, ability to lead efforts in Incident Handling (Detection, Analysis, Triage), Hunting (anomalous pattern detection and content management) and Malware Analysis.
  • Prior experience and ability to with analyzing information technology security events to discern true positive incidents from false positive events. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
  • Demonstrated capability to effectively monitor and investigate security incidents as well as make recommendations to improve the security posture of a large organization
  • Strong logical/critical thinking abilities, especially analyzing security events from host and network event sources e.g., windows event logs, AV, EDR, network traffic, IDS events for malicious intent).
  • Strong foundation of Network and Security skills, fundamental knowledge of Windows, Linux and Cisco operating systems, networking protocols and network traffic analysis
  • Previous hands-on experience with a Security Information and Event Monitoring (SIEM) platforms and/or log management systems that perform log collection, analysis, correlation, and alerting is required (preferably within Splunk).
  • Experience with IT security tools, working technical knowledge of network, server, storage and desktop hardware and software
  • Demonstrated ability to work with matrixed resources in a team environment
  • Excellent written and verbal communication skills

Education Requirement 

  • BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline or 1+ years of relevant experience is preferred

 

Years of Experience Requirement 

  • 1-5 years desired but not required depending on demonstrated capability to perform required tasks

 

Certification Requirement 

  • Security+ required. Additional desired certifications include: Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH)

Location 

  • Remote

Security Clearance

  • Active Secret clearance required

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Data Engineer who will support the growth of a newly awarded program and the company. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

 

Roles and Responsibilities

 

The Data Engineer is responsible for expanding and optimizing data and data architecture, as well as optimizing data flow and collection for cross-functional teams. Additional position activities include supporting software developers, database architects, data analysts and other program teammates to achieve data initiatives and ensure optimal data delivery architecture is consistent throughout ongoing projects. The ideal candidate is an experienced data pipeline builder and data wrangler who enjoys optimizing data systems and building them from the ground up.

 

Required Skills

 

  • Extensive experience as a data engineer or comparable discipline in a government environment
  • Experience with building infrastructure required for extraction, transformation, and loading of data from a wide variety of data sources
  • Advanced applied knowledge and experience working with relational databases, query authoring, as well as working familiarity with a variety of databases
  • Experience building and optimizing data pipelines, architectures and data sets
  • Experience with Agile management and associated tools
  • Self-starting and able to drive projects to completion in a fast moving environment
  • Solid communications skills, both written and verbal
  • Able to create, discuss and explain technical documentation
  • Actively manages project risks and issues to close technical gaps in the project

Desired Skills

  • Identity Management and Authentication/Authorization integration experience (e.g. Active Directory, SAML, LDAP, MFA, OAuth 2.0, OIDC, etc )
  • Experience troubleshooting issues related to data connections and/or data sources
  • Familiar with NISTIR 8112

Education Requirement 

  • Bachelor’s Degree in a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience

Years of Experience Requirement 

  • Minimum of 5+ years of experience sourcing, connecting, and assembling large, complex data sets

Location 

  • Herndon/Reston, VA  (Remote)

Security Clearance 

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Information Security Engineer who will support the growth of a newly awarded program and the company. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

 

Roles and Responsibilities

  • Provide information security expertise to system development teams
  • Manage the overall cybersecurity of the ICAM Solution and ensure that identified security vulnerabilities, policy, and mandate deviations are documented, reported, tracked, and remediated on a POA&M
  • Follow the guidance in the Department’s Common Controls Catalog and the current version of NIST SP 800-53 and NIST SP 800-63
  • Review information system documentation and the information system itself at least monthly
  • Update documentation for the information system as required in the selected central cybersecurity repository
  • Ensure system weaknesses are captured in the POA&Ms
  • Ensure security plans and authorization documentation for provided system(s), service(s), and network(s) are developed and kept current

 

Required Skills

  • Experience with cybersecurity repository tools (CSAM, Xacta, etc)
  • Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev3 / Rev4, working with System Owners (SO
  • Experience with the C&A process
  • Understanding of FISMA compliance

Education Requirement

  • Bachelor’s degree in related field or equivalent experience highly desired

Years of Experience Requirement

  • 5-7 years applicable professional experience

Location

  • Herndon/Reston, VA  (Remote)

Security Clearance

  • Ability to obtain a U.S. Government clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a  Training Manager  who will support the growth of a new program.This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity governance framework.

 

Roles and Responsibilities 

Creates training plan and executes all training activities. Execute training for all types of users (e.g., general users, system administrators, Cyber Operations analysts, etc). Coordinates with customers and PMO Tier III team to gather training requirements. Collaborate with technical PMO Tier III team (e.g., Security Architect, Principal Systems Architect, etc.) to finalize and execute training plan(s).

 

Required Skills 

  • Experience implementing training plans and addressing inefficiencies
  • Experience creating assessment and provision plans in order to reach goals and objectives
  • Develop training manuals that target tangible results
  • Implementation of effective training methods
  • Critical thinker, organization and time management expertise
  • Excellent written, verbal and interpersonal communication skills

Education Requirement 

  • Bachelor’s degree in Computer Science, Engineering, IT, Cybersecurity, or Business. Additional 4 years’ experience can substitute degree requirement

 

Years of Experience Requirement 

  • 5+ years of experience performing functions in position description.

 

Location 

  • Hybrid – Washington, D.C OR Remote

 

Security Clearance

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a   Information Assurance Analyst who will support the growth of the company by assisting with the prepration of accurate and timely financial statements. This is a unique opportunity to join a rapidly growing company while learning on the job and taking on additional financial reporting responsibilities.

 

Roles and Responsibilities 

Responsible for determining information system requirements by evaluating business strategies; researching information technology standards; conducting system analyses and risk assessments; studying architecture/platform; identifying integration issues; or preparing cost estimates. Implements systems and infrastructure by specifying methodologies, procedures and infrastructure (hardware/software); directing hardware and software installation and calibration; preparing preventive and reactive measures; providing technical support; or completing documentation. May verify and harden information systems by developing and conducting test procedures.

 

Required Skills 

  • Hands on experience conducting vulnerability assessments and analysis of scan results with Tenable Nessus
  • Hands on experience conducting configuration compliance assessments (automated and manual) using Tenable Nessus and DISA STIGs. Experience providing analysis of compliance scan results
  • Experience working with Plans of Action and Milestones (POA&Ms) to include providing detailed vulnerability summaries and impacts and drafting risk mitigation strategies for identified risk
  • Experience with RMF steps 4-6 (Assess, Authorize, Monitor) for federal applications and GSSs
  • Experience assessing various IT infrastructure systems (networking appliances, firewalls, IDS/IPS, etc.) and end-user devices for vulnerabilities and configuration compliance
  • Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data
  • Ability to communicate effectively; strong documentation and communication (written and verbal) skills

Education Requirement 

  • BA or BS degree in Information Security, Computer Engineering, Information Systems, Telecommunications, or Technology

 

Years of Experience Requirement 

  • 3 years of experience performing functions in position description

 

Location 

  • Hybrid – Washington, D.C OR Remote

 

Security Clearance 

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a   Principle System Architect who will serves as the Subject Matter Expert on all information system and infrastructure-related matters. Provide technical knowledge and high-level analysis, design, integration, documentation and implementation of all information systems related topics. Lead projects, make recommendations on new and emerging technologies, and provides insight into the latest trends and methodologies. This is a unique opportunity to join a rapidly growing company while learning on the job and taking on additional financial reporting responsibilities.

 

Roles and Responsibilities 

Provides daily technical supervision and direction to senior systems architects and other staff. Provides advisory support to senior cyber executives within the organization on security capability gaps and measures needed to fortify enterprise environments.  Assists the project manager with guidance and advice on security strategy and technical team direction.  Establishes security capability maturity levels and roadmaps for maturing cyber capabilities throughout the enterprise.  Develops and maintains Analysis of Alternatives process for making decisions on capability implementation of as-is for to-be environments.  Produces design architecture to include the software, hardware, and communications to support requirements as well as provide present and future cross- functional requirements and interfaces. Ensure systems are compatible and in compliance with the industry and Federal standards.

Required Skills 

  • Experience designing and implementing enterprise cybersecurity architectures
  • Experience developing requirements for enterprise cybersecurity architectures from Federal Government customers with a focus on Zero Trust
  • Experience with baseline enterprise cybersecurity capability configurations
  • Experience validating and verifying enterprise cybersecurity capability implementation success and ongoing configuration changes
  • Experience designing and implementing enterprise cybersecurity capability capabilities
  • Experience creating policy that adheres with the CISA Maturity Models and NIST standards

Education Requirement 

  • Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or IT – preferred

 

Years of Experience Requirement 

  • 10+ years of experience performing functions in position description

 

Certification Requirement 

  • CISSP or CISM required

 

Location 

  • Hybrid – Washington, D.C OR Remote

 

Security Clearance

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Policy Analyst  who will support the growth of a new program. This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity governance framework.

 

Roles and Responsibilities

Responsible for determining information system requirements by evaluating business strategies; researching information technology standards; conducting system analyses and risk assessments; studying architecture/platform; identifying integration issues; or preparing cost estimates.  Perform gap analysis of existing set of security policies and procedures against policy drivers and overarching compliance requirements including FISMA, OMB Memorandum, CISA guidance, NIST best practices, and federal laws.  Will develop and update security policies and procedures as federal guidance changes and will maintain and publish guidance for various stakeholders throughout the organization.  Will support mechanisms to receive feedback and incorporate updates as needed.  Will develop white papers, executive briefings and memorandum to support and promote policy and guidance drivers and make recommendations on appropriate updates.

 

Required Skills 

  • Experience with drafting, and maintaining enterprise-wide cybersecurity policies, any technical standards, secure baseline configurations, and implementation guidance for the design and implementation of ZTA related cybersecurity controls within the information systems
  • Experience with items such as white papers, Chief Information Security Officer (CISO) memos and similar documents necessary to show program/systems/service status, conduct change/configuration management of the program/system/service and promote the success and challenges of the program
  • Experience aligning cybersecurity policies, instructions, technical standards and implementation guidance with overarching Federal regulations, guidance and best practices including but not limited to: Federal Information Processing Standards (FIPS), National Institute of Standards and Technologies (NIST) Standards, Office of Management and Budget Memos, Security Technical Implementation Guides (STIGs), CIS Benchmarks, Vendor Hardening Guides, Executive Orders (EOs), Binding Operational Directives, Office of Inspector General (OIG) recommendations and Government Accountability Office (GAO) recommendations

Education Requirement

  • Bachelor’s or Master’s degree preferred

 

Years of Experience Requirement 

  • 2-5 years of experience performing functions in position description

 

Location 

  • Hybrid – Washington, D.C OR Remote

 

Security Clearance

  • Eligibility to obtain and maintain customer required security clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking an experienced Cyber Security Tools Engineer to join our team in Reston, VA to provide unparalleled support to our customer through the Continuous Diagnostic & Mitigation (CDM) Program. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

  • Highly skilled tools engineer to perform in a fast paced customer needs driven environment. Ability to change directions based on cyber threat and mitigation strategies.
  • Ability to communicate as a solid team player in support of the tools team and to ensure customer success
  • Manage tools in accordance with the TAD (Technical Architecture Document) documentation. Ability to create a TAD where one does not exist to document current state design and implementation.
  • Work closely with the Splunk team for log ingestion into a wider log aggregation capability for security monitoring, alerting and after the fact investigations.
  • Work closely with architects, engineers, and integrators to assess customer requirements and to design and support differing tool set solutions to ensure alignment with customer needs.
  • Support the users of the tool and data in order to maintain a healthy working environment.
  • Ability to deliver ad-hoc briefs of current status of responsible tool sets to a wider audience to help them understand capability, next actions, and communicate deliverable timeframes.
  • Follow life cycle processes to move solutions from Dev to Test to Production.
  • Participate in group sessions as well as attend and share in agile sprint daily meetings in order to track progress to ensure development of solutions is in support of the CDM project and customer requirements.
  • Serve as a trusted advisor, providing subject matter expertise, guidance, and best practice recommendations.
  • Document the installation and configuration for deployment into production
  • Secure the solution by being familiarity with TLS, certificates, SSO/PIV authentication, and encryption technologies
  • Work with the data lifecycle management team
  • Test data flows, troubleshooting issues, and monitoring the health of the solution and servers to maximize performance and minimize downtime
  • Work with a team and provide analysis of alternatives and progress status in daily sprint meetings
  • Meet professional obligations through efficient work habits such as, meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner
  • Develop and manage effective working relationships with other departments, groups, and personnel with whom work must be coordinated or interface
  • Recommend enhancements and modifications to optimize business intelligence processes
  • Ability to support 24x7x365 outage scenarios for quick resolution and remediation

 

Required Skills

General Skills

  • Maintain and/or update system architecture to fit changes in environment. Automate task depending upon OS. Routinely research assigned tools for vulnerabilities and system patches
  • Follow strict change management guidelines in Service Now to implement changes in support of SLAs and SLOs.
  • Support outside agencies with USAID mail integration.
  • Consult with Direct Hires on applications to determine tool capabilities and how they fit in to the ecosystem.
  • Complete Analysis of alternative reports and SOP’s for review and implementation.
  • Windows and Linux Server commands, networking knowledge, and PKI knowledge assist in troubleshooting testing scenarios, implementations, and system patches/updates.

 

Messaging Tools:

  • Valimail, Fireeye ETP, Google Cloud Platform

 

Endpoint Tools:

  • Fireeye HX, Azure

 

Vulnerability Tools:

  • Qualys, Tenable SC, Burp Suite, Trustwave

 

Network Tools:

  • Skybox Security
  • IDAM Tools
  • SailPoint

Interpersonal Skills

  • Ability to operate day to day tasks with little to no supervision
  • Communicate current status of projects with the ability to explain in non-technical terms
  • Ability to anticipate questions and challenges based on customer feedback and environmental changes.
  • Self starter, Team Player
  • Ability to articulate to the end customer as a security professional, offering solutions and able to build timelines and projects based on desired outcomes.

 

Education Requirement

  • BS in Computer Science or related field Expereince required

 

Years of Experience Requirement

  • 2+ years of experience

 

Location

  • Reston, VA (REMOTE)

 

Security Clearance

  • Must be a US citizen (non-dual citizenship)
  • Active DoD Secret Clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking Compliance and Continuous Monitoring Engineers to: Provide Security Assessment & Authorization (A&A) and Information Assurance (IA) Support; Conduct Technical Security Assessments; Perform Enterprise Vulnerability Scanning & Reporting Functions; and Conduct Enterprise Vulnerability System Scanning. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

 

  •  Work closely with target organizations to ensure full comprehension of the standard security controls; conduct site visits as required
  •  Assist with security controls compliance assessments using established matrixes of tailored control and provide expert support in assessments of target organizations
  • Provide support to Vulnerability Management programs
  • Provide support to assessed organizations to ensure proper tracking of Plan of Action and Milestone (POA&M) items
  • Provide support and conduct annual reviews of the security controls (or some subset of the security controls) to ensure continued compliance as requested
  •  Assist with establishing footholds on endpoints within monitored organizations networks in order to provide day-to-day visibility into the security posture
  •  Provide expert support for the development and maintenance of develop of processes and best-practices for evaluating A&A data through a standard scorecard
  •  Utilize industry standard tools for automating the review of system configuration and security control compliance
  • Conduct periodic NIST controls assessments in support of network authorization and continuous monitoring
  • Provide detailed observations from controls assessments in the form of Security Assessment Report (SAR) and Risk Assessment Report (RAR) documents
  • Employ a scan-patch-scan methodology to ensure all systems identify and receive appropriate security patches
  • Conduct vulnerability scanning using industry standard tools (e.g. Tenable Nessus) on a weekly to bi-weekly basis
  • Report scan result data to appropriate system administrators to aid in the deployment of system updates and patches
  • Develop a mitigation plan detailing a prioritized timeline for patch deployment (e.g. 30-60-90-day patch deadlines based on each finding’s severity level)
  • Conduct false positive analysis and vulnerability analysis to determine the legitimacy of all detected vulnerabilities as well as prioritize their remediation
  • Configure the identified application to effectively ingest, process, and report vulnerability data collected during assessments as well as data provided from organizations’ self-assessments
  • Conduct long term trend analysis, identifying improvements or degradations in system security posture across the enterprise
  • Provide dashboard views of data roll-ups from all facets of assessed systems (e.g. risk, vulnerability data, POA&M status) in order to present high-level executive summary reports to government leadership

 

Required Skills

 

  • Must be able to perform Vulnerability and Compliance assessments on all devices identified during enterprise network scans, including: Operating systems, Oracle and MySQL Databases, and Web applications
  • Comfortable using enterprise-class network scanning tools such as: (Tenable Nessus, Tenable Security Center), database scanning tools (AppDetective and DbProtect) and Web scanning tools (Web Inspect), and should be knowledgeable about the security best practices and most common vulnerabilities that exist for each of these technologies, including SANS and OWASP Top 1
  • Experience performing enterprise-level assessment scanning of Networks, databases, and Web Applications
  • Comfortable configuring and performing host, ports and services discoveries on large enterprise networks, and identify target operating systems and applications/services based on discovery scan results
  • Experience with open source and commercial testing tools; A non-comprehensive list includes Nessus, NMAP, App Detective, Hailstorm, Guardium, and Web Inspect
  • Comfortable using, configuring, troubleshooting, and administering Tenable Security Center, Tenable Nessus (standalone), AppDetective, and Web Inspect
  • Solid understanding of the security policies used by intelligence organizations, as well as security guidelines published by the National Institute of Standards (e.g., 800-53 and 800-53a)
  • Ability to think critically and creatively. Capable of synthesizing and analyzing large amounts of scan data
  • Ability to articulate thoughts and findings in a concise and comprehensive manner

Certification Requirement

 

  • Must have one of the following certifications: ISC2, CISSP, GIAC, GCIA, or GCIH

 

Education Requirement

 

  • Bachelor’s degree or ten (10) years of IT experience

Location

 

  • Washington, D.C.

 Security Clearance

 

  • Top Secret with SCI eligibility and ability to pass a Counter-Intelligence (CI) polygraph

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Elastic SIEM Cyber Engineer who has experience managing an Elastic Cloud Enterprise & Elasticsearch platform in the federal market. You will be focused on the day-to-day operations and improvement of the ECE cluster utilized as the SIEM function. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

  • Elastic SIEM solution development, integration, platform architecture, and capacity planning in mission-critical environments
  • Deploying additional Elastic clusters using infrastructure as code (Ansible playbooks)
  • Maintain, secure, and upgrade ECE deployments
  • Integrate log and sensor data into ELK
  • Data modeling, query development and optimization, cluster tuning and scaling with a focus on fast search and analytics at scale
  • Streamline cybersecurity tactics, techniques and procedures
  • Create dashboards and reports in ELK
  • Leverage data analytics can machine learning algorithms for cyber operations
  • Provide adoption awareness and training for the ELK SIEM
  • Working with a multi-tenant platform and working with tenants to understand requirements
  • Providing subject matter expertise to assist the rest of the team in their roles

 

Required Skills

  • 4+ years of experience with IT with a focus in Linux sysadmin, databases, containers or cyber operations
  • 3+ years of experience with hands on operations of sizing, monitoring, and management, and open-source tools, including Kafka, Logstash, Beats, Elasticsearch, Kibana and Splunk
  • Knowledge of planning and executing data retention and life cycle management plans
  • Hands-on experience administrating Elasticsearch clusters (10+ Data nodes)
  • Knowledge of information retrieval and/or analytics domain
  • Experience with load balancing, DNS, TLS certificate generation and SAML integration.
  • Experience working with data solutions in a public sector
  • Excel at working directly with customers to gather, prioritize, plan and execute solutions to customer business requirements as it relates to our technologies
  • Familiar with SOC operations, open-source security frameworks, and Linux

Location

  • Alexandria, VA

Security Clearance

  • Must have an active Secret Clearance

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Engineering Assessor who has experience providing Technical Assessments thoroughtout the System Development Lifecycle (SDLC)/ System Engineering Lifecycle (SELC) to ensure a healthy security posture and effective compliance with federal requirements in the federal market. This is a unique opportunity to be involved with a broad range of technologies and to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.

 

Roles and Responsibilities

  • Assess the security posture of new and emerging technology that is implemented or before being implemented to identify all risks and the security posture of Enterprise IT organization systems
  • Define and enforce policies and guidelines as outlined within NIST SP 800-53, DHS 4300A, DHS 4300B Sensitive Systems Policy
  • Research and provide guidance in the implementation of system specific features and security controls to ensure effective compliance with federal requirements
  • Provide IT security consultation and recommendations to system stakeholders to promote a strong security posture for systems
  • Conduct security assessments throughout the System Development Lifecycle (SDLC)/ System Engineering Lifecycle (SELC) through research, security documentation reviewes, and communication with system stakeholders

 

Desired Skills

  • Strong understanding of the SDLC/ SELC lifecycles and the system security requirements required through each phase and at each gate
  • Expert knowledge of the NIST SP800-60 Risk Management Framework (RMF)
  • Expertise in security engineering and experience with conducting technical risk assessments for large and complex information systems that include a broad range of technologies
  • Proficiency in the application of NIST security controls guidance to Enterprise IT systems and applications
  • Strong technical understanding of IT system, services and application architectures including cloud
  • Excellent spoken and written communication skills, including the ability to speak clearly and distinctly, and to accurately summarize and describe information with correct, precise terminology
  • Ability to work cohesively with a team that includes Enterprise Architects, Security Analysists, and other Security Engineers

Education Requirement

  • Bachelors degree in related field

Years of Experience Requirement

  • 5+ years designing and implementing network, systems, and security solutions

Certification Requirement

  • Technical Certification (one or more of the following), CISSP, CCNP, MCSE

Location

  • Fairfax, VA

Security Clearance

  • Must be a U.S. Citizen

ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking Cybersecurity Engineers who have strong familiarity providing Cybersecurity assessment services utilizing a multitude of cyber tools, proven methodologies and industry best practices in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market. This position provides the opportunity to travel to client sites both locally and nationally.

 

Roles and Responsibilities

As part of the Cyber Assessments team, provide cybersecurity scanning and testing services, threat intelligence integration to provide cybersecurity customers with findings and information that informs the risk management and decision-making processes.

 

Required Skills 

  • Knowledge of host identification and exploitation of vulnerabilities
  • Knowledge of phishing procedures
  • Knowledge of script writing and crafting of payloads
  • Knowledge of database operations and system/network administration
  • In-depth knowledge and understanding of operation of assessment tools (including but not limited to Metasploit, Nmap, Burp Suite, Powersploit, and Cobalt Strike)
  • Ability to operate in a critical fashion in dynamic environments
  • Knowledge of FISMA and NIST 800 series standards
  • In-depth knowledge of network mapping, vulnerability scanning, penetration testing, and Web Application testing
  • In-depth knowledge of the procedures of Phishing Assessments, Wireless
  • Assessments, Operating System Security Assessments, and Database Assessments
  • Coordinates assessment equipment, including ensuring images on assessment equipment are up to date, equipment transport, setup and tear-down of equipment on-site, and general maintenance
  • Operates assessment tools, under the direction of the Government, the IT
  • Security Expert Level II, and NCATS Assessment Standard Operating Procedures
  • Assists the IT Security Expert Level II with development of documentation and reporting for coordination of Assessment report in accordance with the appropriate report template at the direction of the Government

Education Requirement

  • Bachelor’s Degree in related field

Years of Experience Requirement 

  • Minimum of 2 years operational experience

Certification Requirement

  • At least one of the following: OSCP, OSCE, GPEN, GXPN, or equivalent

Location 

  • Arlington, VA

Security Clearance

  • All personnel must have at least a PUBLIC TRUST clearance and pass a DHS background check

Applicants have rights under Federal Employment Laws. For more information please see:

Family and Medical Leave Act (FMLA) Poster

Equal Employment Opportunity (EEO) Poster

Employee Polygraph Protection Act (EPPA) Poster