Security Engineer (Sr.)

DC, United States


Job Summary:

The Security Engineer (Senior) is responsible for designing, implementing, and maintaining advanced cybersecurity solutions for the Department of Commerce (DOC). This role provides subject matter expertise in cybersecurity architecture, risk analysis, network security, and vulnerability management to enhance DOC’s security posture. The Security Engineer will develop security policies, standards, and secure configurations while ensuring compliance with FISMA, NIST SP 800-53, OMB A-130, and other federal security frameworks.

 

*This position is dependent upon contract award. Selected candidate must be onsite in Washington, DC.* 

Job Duties and Responsibilities:

  • Engineers, administers, and maintains all Continuous Diagnostics and Mitigation (CDM) capabilities, including but not limited to Tenable Nessus, HCL BigFix, Axonius, and Okta.
  • Provides subject matter expertise surrounding the proper configuration and administration of the CDM capabilities to include providing input into Standard Operating Procedures (SOPs) for all CDM tools.
  • Experience administering and using hardware and software asset management (HWAM/SWAM), vulnerability and asset enumeration, and Identity Management System (IDMS) capabilities for a large federated environment.
  • Provides cybersecurity engineering subject matter expertise in conducting technical review board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms.
    • Support will be technology-related architecture guidance delivered in the form of PowerPoint briefings, email, or white papers addressing information security architecture vulnerabilities, risks, mitigation response, and emerging opportunities.
    • Support will also be technology-related administration of the Continuous Diagnostics and Mitigation (CDM) and Zero Trust Architecture (ZTA) tool stack, to include Tenable Nessus, HCL BigFix, SailPoint, Okta, Axonius, Cloudflare, and any other tools to support the ECDM and ZTA program.
    • Conduct technical working sessions with other Bureaus to integrate existing and new capabilities to support the Enterprise CDM/ZTA program.
    • Draft guidance and policy documents to support the CDM/ZTA program.
  • Other duties as assigned. 

Job Requirements (Education/Skills/Experience):

  • Must have an active Top Secret clearance. 
  • Education: Master’s degree in Engineering, Cybersecurity, Information Technology, or a related field.
  • Minimum 8 years of experience in Federal cybersecurity, including experience in cybersecurity technology, zero trust architecture, continuous diagnostics and mitigation, and federal cybersecurity frameworks.
  • Expertise in security architecture, risk management, and security control implementation for large-scale enterprise environments.
  • Strong knowledge of NIST SP 800-53, Risk Management Framework (RMF), Zero Trust Architecture (ZTA), and Continuous Diagnostics & Mitigation (CDM) frameworks.
  • Experience in network security, identity and access management (IAM), encryption standards, and secure system configurations.
  • Proficiency with security tools such as Tenable Nessus, Splunk, BigFix, Axonius, and Okta.
  • Demonstrated ability to analyze complex security threats, assess vulnerabilities, and develop risk mitigation strategies.

Desired:

  • Familiarity with FISMA, NIST 800-53, and other federal cybersecurity compliance frameworks.
  • Experience working with DOC or similar federal agencies.
  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar.

Work Location:

  • DOC Headquarters, Washington, DC

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that delivers IT, professional, and environmental solutions to advance the missions of federal, state, and tribal government agencies. As thought leaders and innovators, our team of specialists builds client-centric solutions that solve critical challenges faced by defense, civilian, and healthcare organizations. Employing a mission-focused approach, we deliver value that not only enhances current operations, but also drives future change. Closely aligned with this approach is our commitment to advancing the Navajo Nation and its People. Through economic development and community empowerment, we elevate the Navajo Nation to provide lasting impact and sustainable growth for future generations. DDC’s ability to unite legacy-inspired technologies, industry best practices, and proven methodologies has contributed to our success for twenty years.

 

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.


Tags: CISM CISSP Clearance Cloudflare Compliance Encryption FISMA IAM Nessus Network security NIST NIST 800-53 Okta Risk analysis Risk management RMF SailPoint Splunk Top Secret Top Secret Clearance Vulnerabilities Vulnerability management Zero Trust

Perks/benefits: Career development

Region: North America
Country: United States
