Information System Security Engineer (TS/SCI w/CI Poly required)

Everfox • Washington, United States • 3w ago

Intelligent. Dynamic. Resilient.

Everfox, formerly Forcepoint Federal, has been defending the world’s most critical data and networks against the most complex cyber threats imaginable for more than 25 years. As trailblazers in defense-grade, high assurance cyber security, we have been leading the way in developing and delivering innovative cyber security technology. We protect data wherever it resides. Our unwavering dedication and commitment to our customers and the critical missions they serve are what set us apart. We are dynamic, vigilant, and proactive in everything we do. Our suite of cross domain, threat protection and insider risk solutions empower governments and enterprise organizations to use data safely - where and however their people need it. At Everfox, we innovate, we invest, we achieve. We protect what matters most to our customers. And we offer protection like no other. We do all of this so our customers can focus on what matters most… their mission.

Job Title: Information Systems Security Engineer (ISSE)

Work Location: Anacostia, DC

Position Summary: 
Everfox is one of the world’s largest private cybersecurity companies. As aInformation Systems Security Engineer at Everfox, you will be joining our professional services engineering team. This role will include accreditation support including document tuning, document reviews with customer and assessors, assessment support. This role will also include engineering support when needed and includes supporting multiple customers, requiring you to troubleshoot and resolve a wide variety of issues independently. While you’ll have reach back to other engineering staff, you’ll be expected to be a self-starter and multitask, while still communicating effectively with customer and engineering management. The ideal candidate will have previous experience supporting accreditations as an ISSO or SCA as well as providing administrator or SME level support for endpoint security solutions, such as HBSS, Tanium, Digital Guardian, etc.

What You'll be Doing: 
Many job listings provide a wide range of confusing and often vague terms. Here at Everfox we take a different approach by spelling out the key things you’llbe responsible for.

Validates and verifies system security requirements definitions and analysis and establishes system security designs for controls.

Designs, develops, implements, and/or integrates IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.

Builds IA into systems and services deploying into operational environments at multiple classification levels.

Assists architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.

Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.

Creates and maintains Security Control Traceability Matrix (SCTM), System Security Plans (SSP), Security Test Plans (STP) and Plan of Action and Milestones (POA&M).

Provide engineering, installation, configuration and integration of Everfox commercial-off-the-shelf (COTS) cyber products

Demonstrate competency working hands-on in Linux based environments, troubleshooting on-site technical issues, using and configuring Everfox Cyber Security solutions to deliver critical customer requirements.

Provide on-site troubleshooting, and on-site support to customers including version upgrades.

Provide on the job training to the customer as needed.

Prepare technical documentation to include as-built design, requirements, and Standard Operating Procedures

Provide technical briefings to customer leadership and Everfox corporate leadership as

Possibility of 25% travel outside of the National Capital Region (NCR) area, frequent travel to customer locations inside the NCR.

Other duties as assigned.

Things You Must Have to Apply:

An active (currently in use) – TS/SCI w/CI Poly

A Bachelor’s degree in Computer Science, Information Systems, Cyber Security, or equivalent education and/or 4-years of relevant work experience.

At least one DoD Approved 8570 Baseline Certification at IAT level II (2) or higher.
Required only for DoD professional services roles.

The ability to obtain the appropriate work authorizations that may be required under U.S. ITAR or EAR regulations from the applicable U.S government agency.

8+ years’ experience in Information Assurance positions performing the following tasks:

Reviewing, applying, and remediating security vulnerabilities or implementing security controls based on STIG guidance or scanning reports.

SME level knowledge of NIST compliance

SME level knowledge of working through A&A efforts leading up to the process of obtaining an ATO. Experience working with customers or stakeholders within an organization to achieve.

8+ years’ experience in the following technical skills

Expert knowledge and experience in A&A with DCID 6/3/ICD-503

Strong knowledge and experience with NIST SP 800-53 and associated security controls implementation and verification

Strong demonstrated experience in understanding and applying principles of Risk Management Framework (RMF) to operations and tasks.

Tools for continuous monitoring, XACTA, Risk Vison, EMass.

Strong communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels.

Scanning systems and assisting the team in remediating vulnerabilities, experience with Nessus Scanner, ACAS scanner, SCAP Scanner, etc.

Ability to communicate effectively with senior management in government and contractor teams.

Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders.

NIST 800-53 Rev 4 and Rev 5. Also, it will be good if they have experience with Intelligence/Privacy/Classified Overlays.

DISA STIG Viewer

Intermediate network administration knowledge (TCP/IP, firewalls, routers, etc.)

Intermediate Linux/Unix administration knowledge

Intermediate Windows administration knowledge

Experience in troubleshooting and resolving installation and/or application errors

Things That Would Be Nice To Have:

IT security training in various disciplines.

Bachelor's or Master's degree in IA/Cyber Security/Computer Science.

Security architecture, engineering, and A&A experience.

Experience working on and supporting classified networks.

Experience with ICD-503 A&A processes.

Certifications from vendors, such as: Cisco, McAfee, Microsoft, Oracle, Red Hat, Symantec, or VMware.

Experience working with N-Tier architecture.

Experience working in cloud environments such as AWS, Azure, GovCloud, or Google Cloud.

Experience with endpoint security solutions, such as HBSS, Tanium, Digital Guardian, etc.

A reasonable estimate of the base salary range for this role is:

$129,029.52-187,530.72 USD

The actual salary offered may vary within the range based on a candidates' unique experience, locale, and business needs. In addition to a base salary and bonus plans, Everfox offers a generous benefits package including flexible PTO, a 401k match, and contribution to healthcare coverages. Our talent acquisition team will provide specific information regarding bonus eligibility and benefits offerings.

________________________________________________________________

Don’t meet every single qualification? Studies show people are hesitant to apply if they don’t meet all requirements listed in a job posting. Everfox is focused on building an inclusive and diverse workplace – so if there is something slightly different about your previous experience, but it otherwise aligns and you’re excited about this role, we encourage you to apply. You could be a great candidate for this or other roles on our team.

The policy of Everfox is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to affirmatively seek to advance the principles of equal employment opportunity. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by sending an email to g2hr@forcepointgov.com

Everfox is a Federal Contractor. Certain positions with Everfox require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be "U.S. Persons," as defined in these regulations. Generally, a "U.S. Person" is a U.S. citizen, lawful permanent resident, or an individual who has been admitted as a refugee or granted asylum.

Applicants must have the right to work in the location to which you have applied.

#LI-CZ1