Security Engineer
Fargo, Cass County, North Dakota, 58126, USA
Listed on 2026-02-19
IT/Tech
Cybersecurity, Security Manager
Position is Eligible for Remote / Work from Home Opportunity.
Department: Systems Security.
Telecommuting Eligible: Yes.
Job Grade: E14.
As a condition of employment, physical work location must be in one of the 50 states or the District of Columbia.
Notice of Collection & Privacy Policy for Applicants Residing in California:
California Applicant Privacy Policy | Noridian.
The Security Engineer designs, implements, and maintains enterprise security technologies to protect systems and data, ensuring compliance with Acceptable Risk Safeguards (ARS), National Institute for Standards and Technology (NIST), and Federal Information Systems Management Act (FISMA) standards. Engineers focus on Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), automation, vulnerability management, endpoint protection, and threat detection, collaborating with Security Operations Center (SOC), Governance, Risk, and Compliance (GRC), and IT teams to strengthen detection, prevention, and response.
Senior Security Engineers provide advanced expertise, lead tool and process design, mentor junior staff, and drive continuous improvement and automation across security operations.
- Designs, implements, and maintains enterprise security tools including SIEM, Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), and vulnerability management systems.
- Integrates log sources and ensures end-to-end visibility across cloud and on-prem environments.
- Develops, tunes, and optimizes SIEM correlation rules, dashboards, and alerts.
- Designs and maintains SIEM/SOAR detection rules mapped to MITRE ATT&CK techniques to improve alert fidelity and adversary coverage.
- Incorporates ATT&CK-based logic into automation workflows and detection engineering initiatives.
- Supports incident response by performing root cause analysis and recommending mitigations.
- Conducts security assessments and assists in vulnerability remediation and patch validation.
- Performs secure code reviews and static code analysis (SAST) to identify vulnerabilities; provides remediation recommendations and targeted training.
- Automates routine security operations and compliance processes using scripting languages (PowerShell, Python, etc.).
- Conducts penetration testing of security tools, controls, and processes.
- Supports compliance evidence gathering for ARS, NIST, FISMA, and other applicable audits.
- Collaborates with IT teams to embed security best practices and ensure security controls align with compliance frameworks.
- Provides strategic recommendations for new security tools, process improvements, remediations, risk mitigation, and targeted security training based on penetration testing findings.
- Provides technical mentoring and training to analysts on detection and tuning techniques.
- Communicates complex security concepts to both technical teams and non-technical stakeholders.
- As assigned, provides after-hours support for security incidents as part of an on-call or escalation rotation.
- Other duties as assigned.
- Bachelor's degree in Cybersecurity, Computer Science, or related field OR equivalent experience as determined by Human Resources.
- 5 years of experience in security operations, engineering, or related technical field.
- Skills in developing and maintaining scripts in PowerShell, Python, or Bash.
- Demonstrated experience with SIEM platforms (e.g., Microsoft Sentinel, Trellix, Splunk, QRadar).
- Working knowledge of log management, Intrusion Detection System/Intrusion Prevention System (IDS/IPS), Endpoint Detection and Response (EDR), SOAR, NIST 800-53, 5.1, Center for Internet Security Controls, or other vulnerability management standards.
- Working knowledge of MITRE ATT&CK or other threat modeling frameworks (e.g., D3FEND, Cyber Kill Chain) and its application to detection logic, automation, and threat modeling.
- Strong analytical and problem-solving skills to investigate complex security incidents, assess vulnerabilities, and design effective technical solutions.
- Excellent written and verbal communication skills.
- Experience with testing tools such as Nmap, SQLmap, Metasploit, Wireshark, Nessus, Burp Suite, or other similar tools.
- One Offensive Security Certification: Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Wireless Professional (OSWP), Offensive Security Web Assessor (OSWA), and Offensive Security Web Expert (OSWE).
- 7 years of experience.
- Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC) GIAC Certified Incident Handler (GCIH), GIAC Certified Detection Analyst (GCDA), or Microsoft Cybersecurity Architect (SC-100).
- Office environment.
- Ability to read, hear, speak, keyboard, reason, communicate effectively and problem solve.
- Requires prolonged sitting and telephone…