Cybersecurity Engineer

Ft. Stewart, GA

GCyber

GCyber, a leading government IT contractor, specializes in empowering U.S. Defense and Federal agencies with cutting-edge technology solutions. We provide top-tier Infrastructure and Operations, Security and Risk Management, and Portfolio &...


GCyber is looking for a Cybersecurity Engineer to support a large Army customer. You should have deep expertise in cybersecurity and the technical proficiency to lead the analysis and correlation of compliance and vulnerability data across all managed endpoints. This role involves identifying critical assets, mapping traffic patterns, integrating various cybersecurity tools (e.g., firewall logs, ACAS/Tenable, HBSS/Trellix, Microsoft MDE/EDR), and generating actionable insights through Power BI dashboards. The Cybersecurity Engineer will need to assess the infrastructure for vulnerabilities and collaborate with stakeholders to produce advanced cyber analytics, visualizations, and risk-based reports.

As the Cybersecurity Engineer, you will:
  • Critical Asset Identification & Network Analysis:
    • Identify high-value assets within the RNEC's network and assess their security posture.
    • Perform detailed network topology mapping, documenting traffic flows and analyzing east-west and north-south traffic patterns to assess vulnerabilities.
    • Use tools such as Wireshark, TShark, or NetFlow to capture and analyze network traffic.
  • Data Integration:
    • Integrate data from firewalls, ACAS/Tenable vulnerability scanners, Trellix/HBSS endpoint protection, and Microsoft MDE/EDR into centralized systems.
    • Implement secure API connections between these tools and Power BI or a SIEM to aggregate and normalize data for analysis.
  • Risk and Vulnerability Assessment:
    • Perform risk assessments by analyzing compliance, vulnerability, and traffic data to prioritize high-risk assets and vulnerabilities.
    • Use data from ACAS for vulnerability scanning and compare it with the MITRE ATT&CK framework to understand how adversaries could exploit the vulnerabilities.
    • Assess logs from EDR/MDE solutions to identify anomalous activities or indicators of compromise (IoCs).
  • Security Tool Expertise:
    • Maintain a comprehensive understanding of security tools and their data outputs, including firewall logs (Cisco ASA, Palo Alto), endpoint protection platforms (HBSS/Trellix), and vulnerability scanning tools (Tenable/ACAS).
    • Identify how each tool's dataset correlates with others to provide comprehensive visibility of the network's security posture.
  • Collaboration and Reporting:
    • Collaborate with Government stakeholders to design security dashboards that reflect organizational needs, including compliance metrics, vulnerability trends, and Plan of Action and Milestones (POA&M) status.
    • Lead efforts to produce reports and visualizations in Power BI that support proactive risk management and decision-making.
    • Provide Senior Leadership with briefings, reports, and recommendations to enhance the organization's security posture.
Minimum Qualifications and Experience:
  • Active DoD Secret Clearance
  • DoD 8570 IAT II Certification or higher (https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications)
  • 3-5 years of experience in Cybersecurity Operations and/or Systems Engineering for the DoD, specializing in endpoint protection, network security, and vulnerability management.
  • Strong experience with cybersecurity tools (e.g., ACAS, HBSS, Microsoft MDE)
  • Advanced knowledge of IT infrastructure including networking, storage, and security in classified environments.
  • Experience with hybrid infrastructures (on-premises and cloud environments) and familiarity with Azure or AWS security tools.
  • Working knowledge of Power BI and/or similar analytics platforms.
  • Experience with Python or PowerShell to automate data ingestion and reporting processes.
  • Excellent written and verbal communication skills for conveying technical information to both technical and non-technical audiences.

GCyber is an Equal Opportunity Employer. This means you don't have to worry about whether your application process will be fair. We consider all applicants without regard to race, color, religion, age, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, veteran status, or disability.
For future job notifications please follow GCyber on LinkedIn. https://linkedin.com/company/gcyber 

Tags: ACAS Analytics APIs AWS Azure Business Intelligence Clearance Cloud Compliance DoD DoDD 8570 EDR Exploit Firewalls IT infrastructure MITRE ATT&CK Network security POA&M PowerShell Python Risk assessment Risk management SIEM Vulnerabilities Vulnerability management

Region: North America
Country: United States
