ShorePoint is a cybersecurity services firm with a focus on high-profile, high-threat private and public-sector customers who demand experience and proven security models to protect their data. We are seeking a Security Engineer who has experience developing and carrying out information security plans and policies in the federal market. This is a unique opportunity to shape the growth, development and culture of an exciting and emerging company in the cybersecurity market.
Roles and Responsibilities
- Perform research and assess the impacts of system modifications and technological advances on the system’s security
- Review system security documentation in order to identify potential security weaknesses, recommend improvements to remediate vulnerabilities, implement changes and document security-relevant changes
- Develop strategies to respond to and recover from a security breach
- Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats
- Awareness training of the workforce on information security standards, policies and best practices
- Implement protections
- Installation and use of firewalls, data encryption and other security products and procedures
- Conduct periodic network scans to find any vulnerability
- Conduct penetration testing, simulating an attack on the system to find exploitable weaknesses
- Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior
- Investigate security breaches
- Apply federal and organizational directives to manage system security operations.
Support federal information system documentation to include:
- System Security Plan (SSP)
- Security Concept of Operations (SECONOPs)
- Architectural overviews
- System Security Standard Operating Procedures (SOP) documents for performing assessments/security activities.
- System configurations for devices and software performing security-relevant functions
- Vulnerability and penetration test results
- Security incident reports
- System security performance metrics
- Report on threat actor capabilities in order to clarify the details of security requirements or approaches and to implement solutions
- Support source code analysis
Technical skills include:
- Expertise in anti-virus software, intrusion detection, firewalls and content filtering
- Knowledge of risk assessment tools, technologies and methods
- Expertise in designing secure networks, systems and application architectures
- Planning, researching and developing security policies, standards and procedures
- System administration, supporting multiple platforms and applications
General skills include:
- The ability to multi-task
- A keen eye for detail
- Strong organizational skills
- The ability to thrive in fast-paced, high-stress situations
- The ability to communicate network security issues to peers and management
- Expertise with mobile code, malicious code, and anti-virus software
- Endpoint security solutions, including file integrity monitoring and data loss prevention
- Cloud (AWS, Azure, etc.) platform as a service (PaaS) security
- Automating security testing tools
A bachelor’s degree in Computer Science or other Engineering or Technical Discipline
Years of Experience Requirement
- 5+ years of information security experience with a focus on network, application and architecture.
- Specific Information Security-related experience including encryption, IDS/IPS, Firewalls, SIEMs and Log Management, syslog analysis, HTTP and TCP/IP analysis, and vulnerability assessment.
- Knowledge of email security gateway, cloud and virtual technologies.
- In-depth knowledge of mapping business requirements to technology and ability to identify security gaps at the architecture level.
- Knowledge of common security vulnerabilities such as: XSS/CSRF, SQL Injection, Buffer Overflow, and DoS attacks.
- Knowledge of the HTTP protocol, including analyzing the request/response.
Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), Certified Information Security Manager (CISM) or other equivalent certifications preferred
- Requires Top Secret
- Current DHS EOD