
Cybersecurity Engineer

Warriors Recruiting
On-site
Fort Belvoir, Virginia, United States
Cyber Security

Cybersecurity Engineer

Location: Remote (local to DC area)

Clearance: Top Secret

Our client is deeply committed to staying ahead of the evolving threat landscape, continuously innovating to deliver effective and reliable security services that empower their users and customers to confidently navigate the digital world. We are passionate cybersecurity professionals dedicated to making a real difference. If you're driven by a desire to protect organizations from cyber threats and contribute to a safer digital world and want to make a difference for the Department of Defense, this is the place for you.

Duties and Responsibilities:

The CSE will assist in monitoring customer network traffic, analyzing security logs, investigating potential security incidents, and helping lead the response when threats are detected. They will also implement security measures such as firewalls and intrusion detection systems, and provide recommendations to enhance the organization's overall cybersecurity posture. Additionally, they will apply advanced expertise in cyber threats and trends to proactively identify and respond to emerging risks.

  • Ensure all non-low-risk logs are collected by the SIEM, and ensure an alert fires if those logs are not received as expected
  • Regularly review rulesets in our security toolsets, including but not limited to the SIEM, EDR, and NDR. Ensure rulesets have comprehensive coverage for all non-low risks
  • Conduct detailed technical analysis of IT systems environments from Endpoint, Network, and other technical data
  • Assist with configuration of cybersecurity tools that are deployed, including Endpoint security systems, Next-Generation Firewalls, Mobile Threat Detection solutions, and Email Security solutions
  • Identify process improvements and implement solutions to existing processes
  • Design reporting standards and employ best practices in cybersecurity analysis to provide quality products to non-technical audiences
  • Full-spectrum incident response support, including event discovery, alert notification, investigation, facilitation of containment and resolution, and event reporting
  • Perform mitigation activities for current and residual risk
  • Assist with project planning and identification of mitigation activities
  • Proactively monitor internal and external-facing environments using specialized security applications
  • Proactively research and monitor security-related information sources to aid in the identification of threats to networks, systems and intellectual property
  • Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimize gaps in response and provide comprehensive mitigation of threats
  • Advanced Analysis: Investigate threat and DLP alerts, analyzing patterns to prioritize threats.
  • Detection & Prevention: Leverage tools to interpret data and prevent security incidents.
  • Continuous Improvement: Identify trends and suggest improvements for detection policies and practices to enhance our overall security framework.
  • Collaboration: Work closely with teams across Cyber Defense, Legal, Privacy, and HR during investigations to ensure compliance and resolution.
  • Incident Reporting: Prepare detailed reports on investigations, incidents, and mitigation strategies, keeping stakeholders informed.
  • Policy Refinement: Help fine-tune detection tools by providing feedback to the CTO and InfoSec team.
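The first duty above (make sure every non-low-risk log source reaches the SIEM, and alert when one goes quiet) is the one most often left to a dashboard nobody watches. The check below is an added illustration of that control, not code from the posting or the hiring organization. It assumes a small source inventory with a risk tier and a maximum acceptable gap per host, a syslog-style prefix of `<PRI>VERSION TIMESTAMP HOSTNAME`, and a handful of constructed sample events; all of those are assumptions for the example. It reports both sources whose last event is older than their allowed gap and sources that never appear at all, since a dropped or never-onboarded feed looks exactly like a quiet host unless the inventory is checked against what was actually received.

```python
"""Log-source silence check: alert when a non-low-risk source stops feeding the SIEM.

Added illustration, not code from the posting or the hiring organization.
The inventory, gap thresholds and sample log lines are constructed for the example.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed log-source inventory (assumption): which hosts must be heard from,
# how often, and their risk tier. Low-risk sources are not alerted on.
SOURCE_INVENTORY = {
    "dc01.corp.example": {"risk": "high", "max_gap": timedelta(minutes=5)},
    "fw-edge01": {"risk": "high", "max_gap": timedelta(minutes=1)},
    "mail-gw01": {"risk": "medium", "max_gap": timedelta(minutes=15)},
    "dev-test01": {"risk": "low", "max_gap": timedelta(hours=1)},
}

# Minimal RFC 5424-style prefix: "<PRI>VERSION TIMESTAMP HOSTNAME ..." (assumed format).
SYSLOG_RE = re.compile(r"^<\d{1,3}>\d+\s+(?P<ts>\S+)\s+(?P<host>\S+)\s")

# Constructed sample events, as the SIEM might hold them for the last 20 minutes.
SAMPLE_EVENTS = [
    "<134>1 2024-03-01T12:00:05Z dc01.corp.example Microsoft-Windows-Security-Auditing 4624 ...",
    "<134>1 2024-03-01T12:04:50Z dc01.corp.example Microsoft-Windows-Security-Auditing 4768 ...",
    "<190>1 2024-03-01T12:09:30Z dc01.corp.example Microsoft-Windows-Security-Auditing 4625 ...",
    "<14>1 2024-03-01T12:19:10Z fw-edge01 pan - - action=deny src=203.0.113.5 ...",
    "<14>1 2024-03-01T12:19:50Z fw-edge01 pan - - action=allow src=198.51.100.9 ...",
    "<30>1 2024-03-01T12:03:00Z mail-gw01 proofpoint - - verdict=quarantine ...",
    "<30>1 2024-03-01T11:30:00Z dev-test01 nginx - - GET /healthz 200 ...",
]

# Fixed "current time" for the example so results are reproducible.
EXAMPLE_NOW = datetime(2024, 3, 1, 12, 20, 0, tzinfo=timezone.utc)


def parse_event(line):
    """Return (timestamp, host) for a syslog line, or None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group("host")


def last_seen_by_source(lines):
    """Map each host to the newest event timestamp observed for it."""
    seen = {}
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue  # unparseable line: not attributed to any host, so not a heartbeat
        ts, host = parsed
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def find_silent_sources(lines, inventory, now):
    """Return one alert per non-low-risk source that is overdue or entirely absent.

    Iterating over the inventory rather than over the observed hosts is the point:
    a source that never appears is reported with last_seen=None instead of being
    silently skipped.
    """
    seen = last_seen_by_source(lines)
    alerts = []
    for host, spec in inventory.items():
        if spec["risk"] == "low":
            continue
        last = seen.get(host)
        gap = (now - last) if last is not None else None
        if last is None or gap > spec["max_gap"]:
            alerts.append({
                "host": host,
                "risk": spec["risk"],
                "last_seen": last.isoformat() if last is not None else None,
                "gap_minutes": round(gap.total_seconds() / 60, 1) if gap is not None else None,
            })
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in find_silent_sources(SAMPLE_EVENTS, SOURCE_INVENTORY, EXAMPLE_NOW):
        print(alert)
```

Run as-is, it flags dc01.corp.example (last event 10.5 minutes old against a 5-minute limit) and mail-gw01 (17 minutes against 15), while fw-edge01 is current and dev-test01 is ignored as low risk. In a real deployment the inventory would come from the CMDB or the SIEM's own source list, and the per-host gap should be set from observed baseline volume rather than guessed, so that a firewall that normally logs every second is not given the same tolerance as a quiet management host.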

Skills/Experience/Certifications:

  • 5+ years of combined IT and security work experience, with broad exposure to systems analysis, application development, and systems administration, and 5+ years' experience designing and deploying security solutions and initiatives
  • Bachelor's degree in Computer Science, Mathematics, Engineering, or a related area of study
  • 3+ years working with a SIEM in a content development or Incident Response role
  • 3+ years of System and/or Network Administration experience
  • Top Secret Security Clearance
  • Relevant certification from a nationally recognized technical authority meeting DOD 8570.01 IAT II
  • Must possess and maintain DOD 8570.01 CNDSP/CSSP-IR or CSSP-A certification
  • Understanding of various log formats
  • Understanding of the MITRE ATT&CK framework
  • Strong understanding of network architecture
  • Experience developing & maintaining scripts (preferably using PowerShell, Python or SPL)
  • Understanding of Defense-in-Depth