Careers – ShorePoint, Inc.

At ShorePoint, we recognize that what we do for our customers is critical, complex and often intense. Our team-oriented culture promotes creativity and collaboration in a fun and relaxed work environment.

ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers.

Network Engineer (Zero Trust)

Who we are:

ShorePoint is a fast-growing, industry recognized, and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion, and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we’re looking for:

We are seeking a Network Engineer (Zero Trust) who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Network Engineer will have the opportunity to be exposed to all aspects of a Zero Trust Architecture initiative for a federal customer and will be encouraged to grow as the organization expands.

What you’ll be doing:

Plans, implements, and operates network services/systems, to include hardware and virtual environments.
Supports network integration and implementation of SASE solution
Supports migration of current information systems into SASE environment
Review existing network infrastructure and coordinate with other stakeholders and contractors to perform a network assessment to include but not limited to reviewing existing circuits, connection types, bandwidth, types of traffic, routing protocols, and more.
Develop a roadmap for SASE Branch Office Use Case implementation and make recommendations on how the Government should implement and migrate to the solution.
Support the Department migration from Multiprotocol Label Switching (MPLS) to a SASE Branch Office architecture
Coordinate with other Government PMO’s and respective contractors to ensure a successful migration from MPLS to a SASE Branch Office architecture
Develop and implement network backup and recovery procedures.
Integrate new systems into existing network architecture.
Monitor network capacity and performance.
Patch network vulnerabilities to ensure that information is safeguarded against outside parties.

What you need to know:

Must be able to create and present complex ideas to groups in a simplified manner
Ability to take a general request, drawing on past-experience and conversations to create well defined tasks
Work collaboratively with team members to communicate and share task status, and articulate when work requires assistance from the team toward completion
Expert knowledge of routing, TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
Expert knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
Working knowledge of leading SASE solutions including Palo Alto Prisma Access
Working knowledge of the UNIX, Linux and Windows Operating System’s and familiarity with a variety of subsidiary support systems.
Working knowledge of Active Directory, Office 365, Azure and AWS cloud services.
Working knowledge of virtualization technologies including VMWare ESX and RedHat OS
Experience with monitoring, data backups and recovery techniques, system utilization, and recovery testing.
Experience creating and maintaining network and system diagrams.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Must have the ability and desire to solve problems and work in a highly technical environment.
Must be detailed oriented and possess good technical writing skills.
Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met
Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice
Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities

Must have’s:

BA/BS in Computer Science, Engineering or related technical IT field
At least 5 years of directly related work experience
Relevant industry certification preferred
Eligibility to obtain and maintain customer required security clearance

Beneficial to have the following:

Background and working knowledge of Palo Alto Prisma Cloud CASB, MS365 Defender preferred
Experience with design, implementation or maintenance of a Zero Trust architecture in a Federated enterprise environment
Experience operating and maintaining SD-WAN and/or NFV technologies

Where it’s done:

Washington, D.C (Remote available)

CLICK HERE TO APPLY

Cyber Data-Flow Systems Engineer

Who we are:

The Perks:

Who we’re looking for:

We are seeking a Cyber Data-Flow Systems Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. The CDSE is responsible for engineering and configuring cyber data collection and delivery applications or utilities based on architecture plans and system designs. The CDSE will be a part of a Cyber R&D team responsible for evaluating specific cyber data collection, transformation and advanced analytic technologies through application and testing inside development test ranges across on-premises and cloud infrastructures. As a subject matter expert additional activity will be required in support to the software developers, database architects, data analysts and other program teammates to achieve the cyber data modernization goals and ensure advanced solutioning exceeds production deployment requirements. This is a unique opportunity to join an exciting company where you will have a voice and be an active participant in driving growth and shaping the future of government cyber data modernization capabilities.

What you’ll be doing:

Extensive experience as a data systems engineer or comparable discipline in a government environment
Building infrastructure required for extraction, transformation, and loading of data from a wide variety of data sources
Advanced applied knowledge and experience interfacing collecting cyber data sets from IDS, Meta-PCAP, OS, Email, EDR tools to include custom application with relational databases, flat files, or unstructured types and formats.
Experience building and optimizing data pipelines, architectures, and data sets
Engineers and deploys security data Integration Platforms with infrastructure automation and configuration management.
Conducts parsing/normalization of all data feeds
Documents and automates parsing of tools/versions within inventory catalog
Investigates/correlates new data feeds for inventory and data source updates
Provides site-specific data platform technical reach-back and guidance for site administrators
Experience with Agile management and associated tools
Self-starting and able to drive projects to completion in a fast-moving environment
Solid communications skills, both written and verbal
Able to create, discuss and explain technical documentation
Ability to function effectively as part of a high-performance team

What you need to know:

Experience troubleshooting issues related to data connections and/or data sources.
Advanced Linux systems administration.
Familiar with NISTIR 8112.
Multi-cloud (AWS, Azure, Google, and/or other SaaS providers) and on-premises system implementation and data integration experience.
Experience with one or more data queuing technologies such as Kafka or Redis.
Cyber data collection utility implementation such as Splunk or Elastic Beats
Cyber data taxonomy and types

Must have’s:

Must be a U.S. Citizen and have an ability to obtain and maintain a clearance
Bachelor’s Degree in a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience
Minimum of 5+ years of experience sourcing, connecting, and assembling large, complex data sets through specified technologies
Minimum of 5+ years of experience system or application integration

Beneficial to have the following:

Infrastructure automation; terraform or cloud formation
Configuration management; Ansible
Cyber Data Analytics
Distributed systems integration; Hadoop or Elasticsearch

Where it’s done:

Herndon, VA and Remote

CLICK HERE TO APPLY

Cyber Network Security Engineer

Who we are

The perks

Who we’re looking for

We are seeking a Cyber Network Security Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Cyber Network Security Engineer will support a global organization in modernizing their security monitoring infrastructure through designing and implementing solutions around Zero Trust Architecture and migration to IPv6.

What you’ll be doing

Identifies and evaluates business needs for security gaps and will help to create and implement security strategies and plans. Anticipates security requirements and identify sound security controls for applications, systems, processes, and organizations. Works with customers to outline roadmaps, strategies, and approaches for the migration to IPv6 and realization of cross cutting security solutions that exploit ZTA product services and capabilities. Plans, implements, and operates network services/systems, to include hardware and virtual environments. Integrate new systems into existing network architecture. Ensure security monitoring and response applications and services are properly designed and implemented for optimal operations in the modernized environments.

What you need to know

Design and deploy functional networks (LAN, WLAN, WAN) in a globally distributed, multi-cloud environment

Proficiency with IPv6 – Auto Configuration (DHCP/Stateless), Tunneling (ISATAP, 6to4), NAT-PT, OSPFv3,RIPng, EIGRPv6
Working knowledge of SD-WAN and NFV
Knowledge of route optimization, dynamic routing, SD Wan, packet aggregation, network tapping, IPV6, and BGP

Mapping security capabilities to the logical components of the NIST ZTA
Mapping data flows between architecture components in order to recommend appropriate levels of network segmentation and placement of PEPs
Develop requirements for ZTA from Federal Government customers
Baseline ZTA capability configurations
Validating and verifying ZTA implementation success and ongoing configuration changes

Working knowledge of Active Directory, Office 365, Azure and AWS cloud services.
Working knowledge of VMWare ESX and Redhat OS virtualization.

Must have’s

Must possess a Secret clearance at minimum
Bachelor’s or Master’s degree in Computer Science, Engineering, Cybersecurity, or IT
4+ years of experience performing functions in position description

Additional 4 years’ of enterprise cybersecurity & architecture experience can substitute degree requirement
Experience with design, implementation or maintenance of a Zero Trust architecture in a Federated enterprise environment
Experience operating and maintaining SD-WAN and/or NFV technologies
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
Must have the ability and desire to solve problems and work in a highly technical environment
Must be detailed oriented and possess good technical writing skills
Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met
Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice
Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities

CISSP with any of the following preferred:

CCNA and/or CCNP Security Certification
Microsoft Azure/ AWS certifications

Beneficial to have the following

Significant experience supporting in-depth defense strategies in large and complex networks to rapidly identify and develop effective counter-measures
Significant expertise conducting hands on evaluation, implementation, troubleshooting and operation of leading security Cyber defense tools and technologies

Where it’s done

Herndon/Reston, VA, Washington, D.C (Remote)

CLICK HERE TO APPLY

Policy Analyst (Zero Trust Architecture)

Who we are:

The perks:

Who we’re looking for:

We are seeking a Policy Analyst (Zero Trust Architecture) who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Policy Analyst will support the growth of a new program.

What you’ll be doing:

Responsible for determining information system requirements by evaluating business strategies; researching information technology standards conducting system analyses and risk assessments; studying architecture/platform; identifying integration issues; or preparing cost estimates.
Perform gap analysis of existing set of security policies and procedures against policy drivers and overarching compliance requirements including FISMA, OMB Memorandum, CISA guidance, NIST best practices, and federal laws.
Will develop and update security policies and procedures as federal guidance changes and will maintain and publish guidance for various stakeholders throughout the organization.
Will support mechanisms to receive feedback and incorporate updates as needed.
Will develop white papers, executive briefings, and memorandum to support and promote policy and guidance drivers and make recommendations on appropriate updates.

What you need to know:

Experience with drafting, and maintaining enterprise-wide cybersecurity policies, any technical standards, secure baseline configurations, and implementation guidance for the design and implementation of ZTA related cybersecurity controls within the information systems.
Experience with items such as white papers, Chief Information Security Officer (CISO) memos and similar documents necessary to show program/systems/service status, conduct change/configuration management of the program/system/service and promote the success and challenges of the program.
Experience aligning cybersecurity policies, instructions, technical standards and implementation guidance with overarching Federal regulations, guidance and best practices including but not limited to: Federal Information Processing Standards (FIPS), National Institute of Standards and Technologies (NIST) Standards, Office of Management and Budget Memos, Security Technical Implementation Guides (STIGs), CIS Benchmarks, Vendor Hardening Guides, Executive Orders (EOs), Binding Operational Directives, Office of Inspector General (OIG) recommendations and Government Accountability Office (GAO) recommendations

Must have’s:

Bachelor’s or Master’s degree preferred.
2-5 years of experience performing functions in position description.
Eligibility to obtain and maintain customer required security clearance.

Beneficial to have the following:

Experience with applying expertise through client consultation, client collaboration, and articulating technical requirements into business narratives for clients.
Experience with Agile software delivery projects using Scrum or Kanban.
Working knowledge of FIDO and other emerging authentication protocols.
Experience implementing Zero Trust Architecture (ZTA).

Where it’s done:

Herndon, VA or Remote

CLICK HERE TO APPLY

Senior Security Controls Assessor

Who we are

The Perks

Who we’re looking for:

We are seeking a Senior Security Controls Assessor who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Senior Security Controls Assessor will have the opportunity to be exposed to all aspects of security and privacy controls along with control enhancements and will be encouraged to grow as the organization expands.

What you’ll be doing:

Conducts independent comprehensive assessments of the management, operational, and technical security/privacy controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)

What you need to know:

Extensive experience conducting security control assessments using NIST SP 800-53, including preparation of complete authorization packages
Strong technical skills in performing security reviews, identifying gaps in security architectures, and developing a security risk management plan
Expertise in technical security assessment techniques, tools, and practices
Experience performing risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
Extensive experience in reviewing authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
Experience in developing security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met
Ability to make decisions and resolve problems effectively – Seek out information and data to evaluate, prioritize and formulate best solution or practice
Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities

Must have’s:

BA/BS in Computer Science, Engineering or related technical IT field
Preferred – MA/MS in a technical/cyber-related field
Seven (7) + years of relevant cyber-security experience
ISC2 Certified Information Systems Security Professional (CISSP)
Eligibility to obtain and maintain customer required security clearance

Beneficial to have the following:

Deep knowledge in the following areas: network and host-based firewalls, intrusion detection/prevention systems, data loss prevention, vulnerability scanning, anti-malware and spam protection, secure data transmission technologies, and network monitoring/protection solutions
Deep understanding and proficiency in network security architecture concepts including topology, protocols, components, and principles
Knowledge of modern software development and deployment practices including unit testing, continuous integration and continuous deployment
Skill in designing security controls based on cybersecurity principles and tenets
Ability to effectively interact with various levels of senior management is necessary
Experience as a member of a certified FedRAMP Third-party Assessment Organization (3PAO) desired

Where it’s done:

Herndon, VA OR Remote

CLICK HERE TO APPLY

Program Manager

Who we are:

The perks:

Who we’re looking for:

We are seeking a passionate, highly motivated Program Manager who has diverse experience providing customer and team support in a dynamic, fast-paced environment within the public sector. The Program Manager will contribute to the growth of the company by leading a team to effectively manage emerging technology, policy, and overall programmatic risk. This is a unique opportunity to shape the progress, development, and culture of an exciting and rapid-growing company in the cybersecurity market.

What you’ll be doing:

Ensure the security requirements necessary to protect the organization’s mission and business processes are properly addressed in all aspects of data integration and normalization
Enable monitoring of environment and identification changes while retaining data for analytics
Provide guidance for data inventory to modernize initiatives across the enterprise
Directing, monitoring, and controlling, and tracking the work of others
Managing the creation, updates and modification of contractual deliverables to ensure accuracy and completeness of work
Coordinate and conduct enterprise-wide data calls using tools such as Microsoft Forms, Excel, Teams, and other applications to provide a consistent stakeholder experience
Working closely with Federal leadership up to Senior Executive level to advise and help develop program strategy
Developing and executing program roadmap for implementing and maintaining enterprise cyber security capabilities
Assists with documenting project plan activities, resource estimates and timelines for all planning efforts, design, development, testing, implementation, risk and issue registries, stage gate reviews and approvals required, training and documentation needed and support needs

What you need to know:

Experience managing, coaching, and motivating diverse resources
Experience developing and maintaining catalog of Agile-based work product backlog
Experience producing accurate status reports (weekly/monthly) with a focus on quality
Experience communicating plan development and implementation strategies
Experience with quality control/assurance
Understanding of MS Project to effectively maintain a programmatic level Integrated Master Schedule
Understanding of how Executive Orders, OMB Memorandums and CISA Binding Operational Directives correlate and impact Department policies, procedures, standards, and operational requirements

Beneficial to have the following:

Bachelor’s degree in a technical field (For ZTA – 5+ years or additional 3yrs and PMP)
Ability to obtain agency level clearance
Strong verbal and written communication skills to help foster stakeholder engagement and build trust across customer organization
Leadership skills that promote collaboration and empower the team to be their best
Understanding of Agile practices and concepts
Comfortable prioritizing and delegating tasks across the team
Working knowledge and understanding of cyber security principles and practices
Ability to effectively lead and moderate varying types of meetings
Valid PMI Project Management Professional certification

Where it’s done:

Herndon/Reston, VA (Remote)

CLICK HERE TO APPLY

Cyber Data Systems Architect

Who we are:

The Perks:

Who we’re looking for:

We are seeking a Cyber Data Systems Architect who has experience providing support in a dynamic, fast-paced environment within the public sector. The CDSA is responsible for architecting and designing a cyber data collection and data management solution. The CDSA will be a part of a Cyber R&D team responsible for evaluating specific cyber data collection, transformation and advanced analytic technologies through application and testing inside development test ranges across on-premises and cloud infrastructures. As a subject matter expert additional activity will be required in support to the software developers, database architects, data analysts and other program teammates to achieve the cyber data modernization goals and ensure advanced solutioning exceeds production deployment requirements. This is a unique opportunity to join an exciting company where you will have a voice and be an active participant in driving growth and shaping the future of government cyber data modernization capabilities.

What you’ll be doing:

Extensive experience as a data systems architect or comparable discipline in a government environment
Building infrastructure required for extraction, transformation, and loading of data from a wide variety of data sources
Advanced applied knowledge and experience interfacing collecting cyber data sets from IDS, Meta-PCAP, OS, Email, EDR tools to include custom application with relational databases, flat files, or unstructured data types and formats.
Experience building and optimizing data pipelines, architectures, and data sets
Architect and lead deployment of security data Integration platforms with infrastructure automation and configuration management.
Conducts parsing/normalization of all data feeds
Documents and automates parsing of tools/versions within inventory catalog
Investigates/correlates new data feeds for inventory and data source updates
Provides site-specific data platform technical reach-back and guidance for site administrators
Experience with Agile management and associated tools
Self-starting and able to drive projects to completion in a fast-moving environment
Solid communications skills, both written and verbal
Able to create, discuss and explain technical documentation
Ability to function effectively as part of a high-performance team
Ability to formulate and disseminate engineering tasks

What you need to know:

Experience troubleshooting issues related to data connections and/or data sources.
Advanced Linux systems administration.
Familiar with NISTIR 8112.
Multi-cloud (AWS, Azure, Google, and/or other SaaS providers) and on-premises system implementation and data integration experience.
Experience with one or more data queuing technologies such as Kafka or Redis.
Cyber data collection utility implementation such as Splunk or Elastic
Cyber data taxonomy and types

Must have’s:

Must be a U.S. Citizen and have an ability to obtain and maintain a clearance
Bachelor’s Degree in a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience
Minimum of 8+ years of experience sourcing, connecting, and assembling large, complex data sets through specified technologies
Minimum of 5+ years of experience with system or application integration
Experience Leading a team of engineers.

Beneficial to have the following:

Infrastructure automation; terraform or cloud formation
Configuration management; Ansible
Cyber Data Analytics
Distributed systems integration; Hadoop or Elasticsearch

Where it’s done:

Herndon, VA and Remote

CLICK HERE TO APPLY

Senior Cyber Security Analyst

Who we are:

The Perks:

Who we’re looking for:

We are seeking a Senior Cyber Security Analyst who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Senior Cyber Security Analyst will have the opportunity to be exposed to all aspects of the program and will be encouraged to grow as the organization expands.

What you’ll be doing:

In this role you will work closely with cross-functional teams to conduct multi-site assessments of the enterprise’s cyber security data collection architecture. This architecture will enable the protection of critical assets ensuring their resilience against cyber threats. Through discovery and assessments, you will identify weaknesses, perform gap analysis, and assist in the implementation of robust security remediation efforts. Additionally, you will work with various stakeholders to determine system level requirements. Effective communication and presentation skills are essential to engage stakeholders, influence decision-making, and educate the organization on the importance of cyber.

What you need to know:

Strong understanding of cyber security principles and best practices
Proficiency in network security protocols and technologies
Experience with risk assessment and mitigation strategies
Strong communication and documentation skills
Ability to create, discuss and explain technical documentation
Experience working directly with customers to gather, prioritize, plan and execute solutions to business requirements
Self-starting and able to drive projects to completion in a fast-moving environment

Must have’s:

At least 7+ years experience in IT or Cybersecurity environments
Ability to obtain agency level clearance (DoE Q Clearance)
Ability to travel 10-15%

Beneficial to have the following:

Ability to develop and implement cyber security strategies and roadmaps
Ability to analyze and interpret security logs and events
Experience with security operations center (SOC) operations and technologies
Familiarity with cyber security data sources including Zeek, Suricata, End-Point Detection & Response (EDR)
Familiarity with cloud security and virtualization technologies
Familiar with cybersecurity data collections methods, ETL (extraction, transform, load), queuing and SIEM technology (Splunk, Elastic, Arcsight)
Bachelors degree in technical field

Where it’s done:

Herndon, VA and Remote

CLICK HERE TO APPLY

Elasticsearch Engineer

Who we are:

The Perks:

Who we’re looking for:

We are seeking an Elasticsearch (Elastic/ELK/ECE) Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Elasticsearch (Elastic/ELK/ECE) Engineer will have the opportunity to be exposed to all aspects of Systems Engineering and will be encouraged to grow as the organization expands.

What you’ll be doing:

Responsible for working with the Integration, and Architecture teams to design, document, build, secure, and maintain Elasticsearch, Logstash, Kibana (and X-Pack) Enterprise solutions deployed in the Cloud or on-premises environment
Work closely with architects, engineers, and integrators to assess customer requirements and to design and support an Elasticsearch Stack solution to ensure compliance with data requirements
Follow life cycle processes to move solutions from Dev to Test to Production.
Participate in group sessions as well as attend and share in agile sprint daily meetings to track progress to ensure development of solutions is in support of the project and customer requirements.
Serve as a trusted advisor, providing subject matter expertise, guidance, and best practice recommendations.
Configure and maintain Linux based Operating system files in support of the Elasticsearch products (yum updates and product version upgrades)
Install and configure an Elastic Cloud Enterprise solution and ensuring communication and integration among the Elasticsearch products and data sources.
Document the installation and configuration for deployment
Secure the solution by being familiar with TLS, certificates, SSO/PIV authentication, and encryption technologies
Work with the data lifecycle management team
Test data flows, troubleshooting issues, and monitoring the health of the solution and servers to maximize performance and minimize downtime
Work with a team and provide analysis of alternatives and progress status in daily sprint meetings
Meet professional obligations through efficient work habits such as, meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner
Develop and manage effective working relationships with other departments, groups, and personnel with whom work must be coordinated or interface
Recommend enhancements and modifications to optimize business intelligence processes

What you need to know:

Software Development using Java with an IDE (e.g. Eclipse, CodeReady)
Parsing File formats (e.g., JSON, XML, and CSV)
SQL SERVER database design, programming, tuning, writing SQL queries/procedures
Developing/automating test procedures
Web services client development using REST API
Release Management and build tools (e.g., Maven, Jenkins) and configuration tools (e.g., SVN)
Secure coding practices including use of encryption (e.g., Certificates, TLS Connections)

Must have’s:

BS in Computer Science or related field Experience required
2+ years of experience
Must be a US citizen (non-dual citizenship)
Able to obtain and maintain agency required clearance

Beneficial to have the following:

Experience with SAML authentication, familiarity with domain structures, user authentication, and PKI
Experience with Messaging Queues (e.g., RabbitMQ)
Experience with Microsoft SQL
Experience with programming and working with regular expressions (XML, Java, JSON, Python, PowerShell, painless, grok)
Relevant security certifications a plus: CISSP, CISM, CISA, Security+, CEH
Understanding of interrelationships between critical infrastructure protection and cybersecurity
Knowledge and experience with Assessment & Authorization (A&A) processes in Federal environments, preferably with experience utilizing the NIST Risk Management Framework (RMF)

Where it’s done:

Reston, VA (REMOTE)

CLICK HERE TO APPLY

Senior Cybersecurity Engineer (ISSO)

Who we are

The Perks

Who we’re looking for

We are seeking a Senior Cybersecurity Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. This is a unique opportunity to shape the growth, development, and culture of an exciting and fast-growing company in the cybersecurity market. The Senior Cybersecurity Engineer will have the opportunity to be exposed to all aspects of navigating the ATO process and will be encouraged to grow as the organization expands.

What you’ll be doing:

Supporting a federal client within the National Capital Region. You will be at the forefront of ensuring a continuity of operations by supporting the functional and technical aspects and working to confirm that government systems meet all requirements for an authority to operate (ATO) before being officially submitted for federal approval. You will provide division wide IT support for operational systems while assisting other programs.

What you need to know:

Project categorization levels based on FIPS 199
Creating network diagrams and compiling a list of IT assets and applications
Select security controls based on the projected categorization
ID or create policies as required by the NIST guidelines
Configuring existing software to meet security controls
Produce control artifacts at the request of the ISSO
Install and configure monitoring software
Create System Security Plan
Address any POAMs as required and aid in the continuous monitoring of systems

Must have’s:

A minimum of 5 or more years of direct experience in Information Assurance (IA), ISSE, ISSO, or similar role supporting ATO package development, including generating security documentation for requirements, security control assessment, STIG and IAVA compliance, SOPs, test results, Risk Management Framework (RMF), etc.
Thorough understanding of and experience with the Federal Information Security Management Act (FISMA) and RMF.
Knowledge and experience in supporting ATO processes specific to DHS
Professional security certifications such as CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+ CE, SSCP or higher.
Design and configure servers for work in online and air gapped environments
Ability to multi-task across systems as needed
Must currently hold an ACTIVE Top Secret (TS) Clearance with SCI eligibility
Minimum – Bachelors degree

Where it’s done:

On client site in Washington, D.C

CLICK HERE TO APPLY

Vulnerability Assessment Engineer

Who we are:

The perks:

Who we’re looking for:

We are seeking a Vulnerability Assessment Engineer who has experience providing support in a dynamic, fast-paced environment within the public sector. The Vulnerability Assessment Engineer will perform comprehensive assessments that produces actionable security recommendations that are tailored to the assessed environment, to include vulnerability assessment and vulnerability management. This is a unique opportunity to join an exciting company where you will have a voice and be an active participant in driving growth and shaping our companies’ culture.

What you’ll be doing:

Work closely with target organizations to ensure full comprehension of the standard security controls; conduct site visits as required
Assist with security controls compliance assessments using established matrixes of tailored control and provide expert support in assessments of target organizations
Provide support to Vulnerability Management programs
Provide support to assessed organizations to ensure proper tracking of Plan of Action and Milestone (POA&M) items
Provide support and conduct annual reviews of the security controls (or some subset of the security controls) to ensure continued compliance as requested
Assist with establishing footholds on endpoints within monitored organizations networks to provide day-to-day visibility into the security posture
Provide expert support for the development and maintenance of develop of processes and best-practices for evaluating A&A data through a standard scorecard
Utilize industry standard tools for automating the review of system configuration and security control compliance
Conduct periodic NIST controls assessments in support of network authorization and continuous monitoring
Provide detailed observations from controls assessments in the form of Security Assessment Report (SAR) and Risk Assessment Report (RAR) documents
Employ a scan-patch-scan methodology to ensure all systems identify and receive appropriate security patches
Conduct vulnerability scanning using industry standard tools (e.g., Tenable Nessus) on a weekly to bi-weekly basis
Report scan result data to appropriate system administrators to aid in the deployment of system updates and patches
Develop a mitigation plan detailing a prioritized timeline for patch deployment (e.g., 30-60-90-day patch deadlines based on each finding’s severity level)
Conduct false positive analysis and vulnerability analysis to determine the legitimacy of all detected vulnerabilities as well as prioritize their remediation
Configure the identified application to effectively ingest, process, and report vulnerability data collected during assessments as well as data provided from organizations’ self-assessments
Conduct long term trend analysis, identifying improvements or degradations in system security posture across the enterprise
Provide dashboard views of data roll-ups from all facets of assessed systems (e.g., risk, vulnerability data, POA&M status) to present high-level executive summary reports to government leadership

What you need to know:

Ability to conduct Vulnerability Assessments using industry tools – NESSUS, Tenable, etc. Experience with Tenable (Tenable.io or Tenable.sc) in an enterprise environment highly preferred.
Experience in vulnerability management strategies, standards, procedures and technologies across infrastructure and application-level vulnerabilities.
Experience scanning Windows, RHEL and Centos Operating Systems and troubleshooting scans, to include the ability to communicate with customers daily describing the results of scans
Experience scanning Virtual environments to include VMware vSphere infrastructures,
Network devices, Databases (Oracle, MSSQL, MySql, Postgres), and websites web with tenable.sc
Intermediate to advanced knowledge of the following platforms in an enterprise environment: Windows and RHEL, routing, switching, IDS, IPS, Firewalls
An understanding of mapping and scanning applications and systems, including port scanning, identifying services and configurations, application flow charting, and session analysis.

Must have’s:

Bachelors in Cybersecurity, Computer Science/Electrical Engineering, Engineering, or IT
Top Secret with SCI eligibility and ability to pass a Counterintelligence (CI) polygraph
Shall possess one or more of the following certifications: (ISC)2 Certified Information Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), SANs GIAC certification (e.g., GPEN or GW APT), and EC-Council Certified Ethical Hacker (CEH)

Beneficial to have the following:

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
Comprehensive knowledge in the one or more of the following areas: information security, network security, Windows security, UNIX/Linux security, and web application security
Demonstrated success and understanding of accepted frameworks such as, ISO/IEC 27001, COBIT, and NIST, including 800-53 rev 5 and the ATO process
Ability to research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits

Where it’s done:

Washington, D.C

CLICK HERE TO APPLY

Applicants have rights under Federal Employment Laws. For more information please see:

Family and Medical Leave Act (FMLA) Poster

Equal Employment Opportunity (EEO) Poster

Employee Polygraph Protection Act (EPPA) Poster