Security Engineer - Senior

ECS is seeking a Security Engineer - Senior to work in our Washington, DC office.  Please Note: This position is contingent upon additional funding.

ECS Federal is a leading information security and information technology company in Washington, DC. We are looking to hire a Senior Security Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.

Job Requirements:

• Strong written and verbal communication
• Knowledge of secure configuration management (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
• Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
• Knowledge of software
• Knowledge of structured analysis principles and
• Experience designing architectures and
• Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
• Knowledge of the systems engineering
• Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
• Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
• Design and develop cybersecurity or cybersecurity-enabled
• Design hardware, operating systems, and software applications to adequately address cybersecurity
• Design or integrate appropriate data backup capabilities into overall system designs and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
• Develop and direct system testing and validation procedures and
• Develop detailed security design documentation for component and interface specifications to support system design and development.
• Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
• Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or
• Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find workarounds for communication protocols that are not interoperable).
• Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
• Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
• Implement security designs for new or existing system(s).
• Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts).
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
• Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Design to security requirements to ensure requirements are met for all systems and/or
• Develop mitigation strategies to address cost, schedule, performance, and security
• Perform security reviews and identify security gaps in
• Trace system requirements to design components and perform gap
• Verify stability, interoperability, portability, and/or scalability of system

Salary Range: $120,000 - $150,000

General Description of Benefits

• Bachelor’s degree or higher
• 10+ years’ experience in security engineering in mid to large
• Certifications addressing security and risk management, asset security, security engineering, communications and network security, identity and access management, security assessment and testing, security operations, software development security, system security, network infrastructure, access control, cryptography, assessments and audits, and organizational security
• Active Public Trust clearance or eligible to obtain a Public Trust clearance