ISSO​/Systems Security Engineer

Overview ISSO/SYSTEMS SECURITY ENGINEER Bowhead is seeking a skilled full-time ISSO/Systems Security Engineer to join our team in Dahlgren, VA. The ideal candidate will have a strong background in computer networking concepts and protocols, as well as network security methodologies. The ISSO/Systems Security Engineer will be responsible for identifying and mitigating vulnerabilities in security systems, conducting vulnerability scans, and applying system, network, and operating system hardening techniques.

Responsibilities

Key Responsibilities:

Conducting vulnerability scans and recognizing vulnerabilities in security systems. Using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.). Conducting application vulnerability assessments. Identifying systemic security issues based on the analysis of vulnerability and configuration data. Sharing meaningful insights about the context of an organization’s threat environment that improve its risk management posture. Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Troubleshooting and diagnosing cyber defense infrastructure anomalies and working through resolution. Performing impact/risk assessments.

Required Skills:

Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. Skill in using DoD network analysis tools to identify vulnerabilities (e.g., ACAS, HBSS, etc.). Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). Skill in conducting application vulnerability assessments. Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture. Ability to cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Tenable Assured Compliance Assessment Solution (ACAS) Trellix Endpoint Security System (ESS), previously known as McAfee Host Based Security System (HBSS) Skill in applying host/network access controls (e.g., access control list).

Skill in using Virtual Private Network (VPN) devices and encryption. Skill in securing network communications. Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution. Skill in performing impact/risk assessments. Skill to develop insights about the context of an organization’s threat environment Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Other duties as assigned Qualifications

Required:

Bachelor's degree required and five (5+) or more years of relevant experience. IAM Level II certification required Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth & concept of zero trust). Knowledge of basic system, network, and OS hardening techniques. Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. Knowledge of application vulnerabilities. Knowledge of system administration, network, and operating system hardening techniques. Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. Travel may occasionally be required, but rare Preferred:
Knowledge of cyber threats and vulnerabilities. Knowledge of specific…