ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Engineer who has experience developing and carrying out information security plans and policies in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market. 

Roles and Responsibilities

  • Perform research and assess the impacts of system modifications and technological advances on the system’s security
  • Review system security documentation in order to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes and document security relevant changes
  • Develop strategies to respond to and recover from a security breach
  • Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
  • Awareness training of the workforce on information security standards, policies and best practices
  • Implement protections
  • Installation and use of firewalls, data encryption and other security products and procedures
  • Conduct periodic network scans to find any vulnerability
  • Conduct penetration testing, simulating an attack on the system to find exploitable weaknesses
  • Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior
  • Investigate security breaches
  • Apply federal and organizational directives to manage system security operations.

Support federal information system documentation to include:

  • System Security Plan (SSP)
  • Security Concept of Operations (SECONOPs),
  • Architectural overviews
  • System Security Standard Operating Procedures (SOP) documents for performing assessments/security activities.
  • System configurations for devices and software performing security-relevant functions
  • Vulnerability and penetration test results
  • Security incident reports
  • System security performance metrics
  • Report on threat actor capabilities in order to clarify the details of security requirements or approaches and to implement solutions
  • Support source code analysis

Required Skills

Technical skills include:

  • Expertise in anti-virus software, intrusion detection, firewalls and content filtering
  • Knowledge of risk assessment tools, technologies and methods
  • Expertise in designing secure networks, systems and application architectures
  • Planning, researching and developing security policies, standards and procedures
  • System administration, supporting multiple platforms and applications

General skills include:

  • The ability to multi-task
  • A keen eye for detail
  • Strong organizational skills
  • The ability to thrive in fast-paced, high-stress situations
  • The ability to communicate network security issues to peers and management

Desired Skills

  • Expertise with mobile code, malicious code, and anti-virus software
  • Endpoint security solutions, including file integrity monitoring and data loss prevention
  • Cloud (AWS, Azure, etc.) platform as a service (PaaS) security
  • Automating security testing tools

Education Requirement

A bachelor’s degree in Computer Science or other Engineering or Technical Discipline

Years of Experience Requirement

  • 5+ years of information security experience with a focus on network, application and architecture.
  • Specific Information Security related experience including encryption, IDS/IPS, Firewalls, SEIMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
  • Knowledge of email security gateway, cloud and virtual technologies.
  • In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
  • Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
  • Knowledge of the HTTP protocol, including analyzing the request/response.

Certification Requirement

Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), Certified Information Security Manager (CISM) or other equivalent certifications preferred

Security Clearance

  • Requires Top Secret
  • Current DHS EOD

Sound like the job for you?

Send us a link to your resumé or portfolio to become part of our talent pool.

Click here to apply