Security Engineer

At DYOPATH, we believe that work should be more than just a job – it should be a passion. As a dynamic, forward-thinking Managed Service Provider (MSP), we are dedicated to empowering organizations with reliable and innovative IT solutions. Guided by our core values of accountability, excellence, and exceptional customer service, we cultivate a culture of creativity, passion, and bold communication. Our team is driven by a shared commitment to sustainability and delivering meaningful results that help our clients thrive.

We are hiring for a remote Information Security Engineer! 

At DYOPATH, we're not just another IT company – we’re a people-first organization committed to building a collaborative, creative, and inclusive work culture. We’ve been recognized as a Great Place to Work for four years running, and we want YOU to be part of our award-winning team!

Why DYOPATH?

• People-First Culture: We value collaboration, creativity, and making sure every team member feels supported and appreciated.
• Do the Right Thing: Integrity and honesty are at our core. You'll be part of a team that embraces accountability and always strives to do what's right.
• Amazing Benefits:
  • Medical, Dental, Vision, and Life Insurance
  • 401(k) with company match
  • Paid Time Off
  • Paid Holidays
  • Flexible Spending Account (FSA) and Health Savings Account (HSA)
  • Pet Insurance (because we know pets are family too!)
  • And more!  Check out our full benefits available at https://dyopath.com/careers/

The Details:

• Position: Security Engineer
• Pay: up to $110K
• Location: Remote

What are some of your Must Have Qualifications for this position?

• CISSP certification, current and completed
• Microsoft Certified Security Operations Analyst Associate
• U.S. Citizen able to obtain a security clearance (public trust level 5)
• Experience in a Federal Azure Cloud environment
• Familiar with the following security tools: Azure Sentinel, Azure Log Analytics, Microsoft Defender, BURP, SQL Databases
• Experience with PowerShell
• Individual will be required to obtain a Secret Security Clearance prior to starting position
• Bachelor’s Degree in Information Systems, Management Information Systems, or a related field; knowledgeable of operating systems, LANs, and WANs/MANs; demonstrated knowledge and experience with applicable security regulations and standards; applicable active security clearances and/or security certifications required

What will you be doing as an Information Security Engineer?

You will be providing security support for a government client on EST for a wide variety of applications.  You will possess strong technical, analytical, interpersonal, and organization skills. 

You will:

• Ensure all applications are configured and maintained based on FISMA Standards.
• Complete Security Scans of the applications and deliver reports based on the scans. Update POAMs based on the scans and issues, resolve/implement and/or work with the IT team to address issues/vulnerabilities identified.
• Complete Annual Security Review – Coordinate, complete and deliver the annual security review. Test controls and complete updates as required based on the review.  Deliver evidence and reports as required.
• Complete Annual Contingency Plan Test – Coordinate, complete and deliver the annual Contingency Plan Test.
• Maintain/update Security Documentation; respond to Security questions/issues.
• Prepare and deliver required FISMA Documentation, i.e., System Test Plan, Risk Assessment, Policies, Configuration Management Plan, Contingency Plan, etc. for recertification.
• Work with a 3rd party vendor designated by the client to complete scans of the applications, work with vendor to complete the System Test and Evaluation of the applications. This involves completing a review of the Security Controls and providing evidence that the control has been implemented on the applications.
• Review existing C&A paperwork, respond to questions on C&A paperwork submitted, resolve or make recommendations on how to address issues identified, and provide additional information/evidence as required. Update or create C&A documents as required based on client policies and FISMA requirements.
• Subject Matter Expert on Security policies and responsibilities – Respond to questions and/or provide guidance on security policies, issues or questions that are identified. Ensure that we are meeting security requirements as defined by client policies and FISMA/NIST standards.
• Review system changes and determine security impact and provide guidance and/or complete changes required to the existing paperwork or system as required.
• Ensure compliance with appropriate security standards and regulations.
• Implement/make recommendations to meet new security policies/requirements.
• Translate DoD, federal, state, and organizational compliance requirements into documented processes, procedures, guidelines, and standards.
• Conduct analysis of system designs, processes, and procedures to document the applicable security controls in accordance with National Institute of Standards and Technology (NIST) 800-53 guidelines and requirements.
• Exhibit strong writing and editing skills, as well as the ability to work closely with all business areas to develop new and existing documentation
• Aggregate, parse, rearrange, and revise current documentation according to security requirements, new standards, and formats; Review vendor documentation for relevant content to aid in development of processes, procedures, standards, and guidelines;
• Create new documentation for processes, procedures, training materials, user guides, web-based content, release notes, internal and external presentations, etc.
• Document and implement a continuous monitoring strategy based on FISMA requirements.
• Use Azure Sentinel, Log Analytics and Microsoft Defender to monitor Azure logs and identify risks in real time.
• Write Kusto Query Language (KQL) queries for Azure Log Analytics and Azure Sentinel
• Create and modify Azure Sentinel Workbooks, Hunting Queries, and Analytics Rules using KQL.
• Interpret web traffic data from cloud-based firewalls (e.g. CheckPoint Security Gateway, Azure App Gateway Web App Firewall) to identify risks and recommend configuration or rule changes.
• Work with a technical team to evaluate Microsoft Defender for Cloud configuration recommendations based on NIST 800-53 r5 blueprints and establish technical requirements.
• Familiar with Security policies and practices within the Federal Government cloud environment.
• Familiar with FedRAMP requirements.
• Familiar with security industry best practices and standards such as:
  • SANs 18
  • OMB M-21-31 Logging requirements
  • Zero Trust in Azure
  • DISA SITG requirements for Windows Virtual Machines
  • Microsoft Purview for data governance
  • TIC 3.0 Logging requirements

Ready to Join Us?

If you're ready to make an impact, grow your career, and join a team that truly values you—APPLY NOW and let's secure the future together!

Equal Opportunity Employer

DYOPATH is committed to a work environment free of all forms of discrimination. DYOPATH recruits and hires without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic. For more information about DYOPATH, please visit our website at www.dyopath.com. The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.