ISSO​/Systems Security Engineer Security Clearance

Position: ISSO/Systems Security Engineer with Security Clearance
Overview ISSO/SYSTEMS SECURITY ENGINEER Bowhead is seeking a skilled full-time ISSO/Systems Security Engineer to join our team in Dahlgren, VA. The ideal candidate will have a strong background in computer networking concepts and protocols, as well as network security methodologies. The ISSO/Systems Security Engineer will be responsible for identifying and mitigating vulnerabilities in security systems, conducting vulnerability scans, and applying system, network, and operating system hardening techniques.

Responsibilities

Key Responsibilities:

* Conducting vulnerability scans and recognizing vulnerabilities in security systems.
* Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.).
* Conducting application vulnerability assessments.
* Identifying systemic security issues based on the analysis of vulnerability and configuration data.
* Sharing meaningful insights about the context of an organization's threat environment that improve its risk management posture.
* Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
* Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution.
* Performing impact/risk assessments.

Required Skills:

* Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
* Skill in using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.).
* Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
* Skill in conducting application vulnerability assessments.
* Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
* Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
* Ability to cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Tenable Assured Compliance Assessment Solution (ACAS)
* Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS)
* Skill in applying host/network access controls (e.g., access control list).
* Skill in using Virtual Private Network (VPN) devices and encryption.
* Skill in securing network communications.
* Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
* Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
* Skill in performing impact/risk assessments.
* Skill to develop insights about the context of an organization's threat environment
* Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
* Other duties as assigned Qualifications

Required:

* Bachelor's degree required and five (5+) or more years of relevant experience.
* IAM Level II certification required
* Knowledge of computer networking concepts and protocols, and network security methodologies.
* Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust).
* Knowledge of basic system, network, and OS hardening techniques.
* Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
* Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
* Knowledge of application vulnerabilities.
* Knowledge of system administration, network, and operating system hardening techniques.
* Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
* Travel may occasionally be required, but rare Preferred:
* Knowledge of cyber threats and vulnerabilities.
* Knowledge of specific operational impacts of cybersecurity lapses.
* Knowledge of host/network access control mechanisms (e.g., access control list, capabilities list).
* Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
* Knowledge of network traffic analysis methods.
* Knowledge of Virtual Private Network (VPN) security.
* Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating…