Tria Federal delivers digital services and technology solutions that support the health and safety of veterans, service members, and civilians. They are seeking a Senior Security Engineer to facilitate security operations, including web applications, infrastructure scanning, and security monitoring. The role involves developing security measures, managing security documentation, and ensuring compliance with federal security standards.
Responsibilities:
- Engineer, implement, and monitor security measures for the protection of computer systems, networks, and information
- Identify and define system security requirements
- Design computer security architecture and develop detailed cyber security designs
- Prepare and document standard operating procedures and protocols
- Configure and troubleshoot security infrastructure devices
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Ensure that the company knows as much as possible, as quickly as possible about security incidents
- Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement
- Video documentation of Proof of Concept or Vulnerability Exploitation
- Maintain ATOs and all security documentation, including, but not limited to: SSP, CP, ISRA, TableTop Exercises, and PIA
Requirements:
- Proven work experience as a system security engineer or information security engineer
- Thorough knowledge of NIST 800-53 controls, ATO processes, and FedRAMP systems
- Required to maintain ATO for systems and perform during annual Adaptive Capabilities Testing (ACT)
- Thorough understanding of the latest security principles, techniques, and protocols
- Experience with Kali, Linux, and Windows Operating Systems
- Knowledge of static and dynamic code testing
- Experience in building and maintaining security systems
- Detailed technical knowledge of database and operating system security
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
- Problem solving skills and ability to work under pressure in a fast-paced environment
- Familiarity with Cloud Computing Platforms (AWS, Azure, Google)
- Proficiency with Nessus, Burp Suite, ZAP, and OWASP
- Writing scripts with Python, Bash, and PowerShell
- Experience with Splunk, Salesforce, AppOmni, and AWS -> They need to showcase they have experience managing integrations with these software packages and can work without supervision to complete assigned tasks
- CISSP
- AWS Security Certification
- Certified Authorization Professional (CAP)
- Certified Ethical Hacker (CEH)
- Certified Network Defense Architect (CNDA)