Information Security Engineer

• Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  
• Maintain deployable cyber defense audit toolkit.
  
• Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
  
• Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
  
• ​Perform technical and non-technical risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
  

Requirements

• Knowledge of network security architecture concepts including topology, protocols, components, and principles.
  
• Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL])
  
• Knowledge of application vulnerabilities
  
• Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  
• Knowledge of penetration testing principles, tools, and techniques.
  
• Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  
• Skill in the use of penetration testing tools and techniques.                   
  
• Proficient in preparation of reports, dashboards, and documentation.