Previous Job
Previous
Senior Engineer Information Security-Washington, DC
Ref No.: 18-02076
Location: Washington, District of Columbia
Senior Engineer Information Security
Location              : Washington, DC
Position               : Contract
Rate                    : DOE
 
US Citizen, Green Card, TN, GC EAD and H4 EAD only No Third-party agencies corp to corp.
 
Qualifications:
  • Bachelor's degree or equivalent, relevant experience.
  • 7+ years of hands-on information technology security experience.
  • Must have current Certified Information Systems Security Professional (CISSP) certification or obtain it within one year of hire.
  • Additional certifications such as GIAC (SANS) certifications, CEH, LPT, PCI-ISA, etc. are preferred. Documentation of successful completion of underlying coursework for such certifications may be considered.
  • Special preference will be given to cloud security certifications, whether vendor-neutral (CCSK, CCSP) or vendor-specific (AWS Certified Solutions Architect).
  • Experience with PCI, ISO, and SOX or analogous experience with regulatory compliance in other industries preferred.
  • 5 + years of relevant work experience designing and implementing security controls and securing systems, applications, and infrastructure.
  • 2 + years of relevant work experience - Vulnerability and penetration testing tools and techniques.
  • 2 + years of relevant work experience - Malware protection and response.
  • 2 + years of relevant work experience - IDS/IPS and security event/ log monitoring and correlation.
  • 1 + years of relevant work experience -- Information security in the cloud.
  • 1 + years of experience - Security program implementation.
  • Working knowledge of ISO standards, PCI, OWASP Top 10.
  • Experience with internet facing services and 24x7 environment.
  • Experience with broadcast operations and/or telematics services is preferred.
 
Required Skills:                
  • CISSP, Cloud, ISO, Malware, Penetration Tester, Vulnerability Assessment
 
Responsibilities:
  • Serves as information security subject matter expert for infrastructure, broadcast, connected vehicle services, streaming and systems and network security.
  • Supports the information security program and performance of relevant information security engineering and security architecture development activities for the broadcast, connected vehicle services, streaming and infrastructure services of Sirius XM.
  • Collaborates with business owners, product/systems engineers, and operational personnel to understand business priorities and goals, company culture, and processes to identify information security risks; works with teams to recommend and help implement solutions and/or mitigating controls.
  • Provides technical design, documented guidelines and implementation support of security controls for servers, workstations, network devices, multi-function devices, mobile computing platforms, and applications.
  • Advises on information security best practices and design standards as applied to cloud deployments.
  • Serves as a technical security liaison with OEM clients and their respective security representatives as assigned.
  • Actively tracks vulnerability findings and status of remediation, driving toward resolution.
  • Validates the continued and proper placement, operation, and tuning of security instrumentation, including vulnerability scanners, intrusion detection sensors, DLP, security log monitoring/correlation tools, file integrity monitoring solutions, and other security relevant controls by monitoring the IT security operations groups and their activities.
  • Conducts threat modeling for cloud and enterprise applications, systems and networks.
  • Expedites neutralization of threats that pose immediate danger to the confidentiality, integrity, and availability of information assets.
  • Evolves and adapts incident response and handling procedures commensurate with changing threat landscape and business needs.
  • Provides routine status and metrics for information security to the Director, Security Technologies and Investigations.
  • May perform daily and alert-based monitoring of information security events and initiate response procedures in accordance with established processes.
  • May perform routine and ad-hoc information security vulnerability scanning and testing to identify risks to information assets; escalate and expedite resolution/mitigation of vulnerabilities deemed high/critical severity.
  • Helps raise awareness of information security in the company and provide holistic guidance on information security.
  • Develops and conducts Cloud security training for end users and operational units.