Cyber Security Project Engineer SME
Chantilly, VA
Full Time | Senior-level / Expert | Clearance required | USD 170K - 210K
Dark Wolf Solutions
Dark Wolf Solutions operates at the nexus of mission and technology to meet our Nation’s most challenging missions.
Dark Wolf Solutions is seeking a highly motivated and experienced Cyber Security Project Engineer SME to support a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. You will be responsible for maintaining an online infrastructure, evaluating and extracting relevant data, web development, and software coding. The ideal candidate will be a subject matter expert in technical risk analysis of enterprise and mission systems, IT systems and networks, mobile and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of technical risk assessment activities.
Responsibilities:
- Performing technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies.
- Gathering the Body of Evidence (BOE) and assessing artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and the System Security Plan (SSP), to get a holistic view of the interworking parts of a given technology implementation being evaluated, from which real insights can be derived to inform the risk assessor’s judgement.
- Applying consistent and systematic investigative practices to comprehensively assess risks, identify and characterize threats and vulnerabilities.
- Evaluating system or network operations using network management platforms, network scanning tools, auditing functions, PCAP captures, and log reviews.
- Analyzing system, network, or cloud configurations for misconfigured settings, configurations not required for deployment, and test scripts that should be removed, minimizing the configuration to what the specific deployment requires.
- Analyzing hardware and software used in a system or network for origin of manufacturer, known vulnerabilities, and outdated hardware or software.
- Remaining current with existing and future technologies to assist with identifying associated risks of implementing proposed technologies.
- Providing guidance on potential cyber threats, attacks, and exploitations, and advising decision-makers of the inherent risks and mitigation to equities.
- Ensuring appropriate risk mitigation considerations are baked in early in the development cycle, and risks and vulnerabilities are well understood and appropriately mitigated.
- Organizing and scheduling work to effectively manage a case load.
- Tracking, documenting, and communicating progress and weekly status updates on all technical risk assessment reports and cases describing potential security concerns and mitigations to enhance security posture.
Required Qualifications:
- Proficient in analyzing IT systems to identify and assess cybersecurity vulnerabilities.
- Expert in developing secure IT system and network architectures, conducting IP data flow analysis, configuring encryption, and performing vulnerability analysis using tools such as Nmap, Wireshark, Metasploit, Canvas, Kismet, and BackTrack.
- In-depth understanding of IT network configurations for devices like firewalls, routers, switches, VPNs, and Intrusion Detection/Prevention Systems, with a focus on identifying and mitigating cybersecurity vulnerabilities.
- Comprehensive knowledge of communications protocols, including IP, TCP, UDP, HTTP, HTTPS, MPLS, OSPF, IGRP, BGP, SIP, and H.323.
- Extensive experience with multiple operating systems, including Windows, Linux, and OS X.
- Expertise in Microsoft Windows versions 7, 8, 10, 2008R2, 2012, 2012R2, and 2016.
- Hands-on experience with cloud computing technologies and hypervisors, including Hyper-V, VMware ESX, and VirtualBox.
- Proven ability to manage the transition of security domains and utilize cross-domain solutions.
- Solid understanding of network management systems, network storage, backup systems, and disaster recovery (DR) architectures.
- Skilled in performing technical risk assessments and providing actionable technical risk mitigation guidance.
- Ensures appropriate risk mitigation considerations are integrated into system design and implementation, guaranteeing a robust security posture.
- Experienced in analyzing procurement processes for hardware, software, and services to ensure compliance with cybersecurity and operational requirements.
- Exceptional written communication skills, consistently producing clear, concise, and well-structured security assessments.
- Certified Information Systems Security Professional (CISSP).
- US Citizen with an active Top Secret/Sensitive Compartmented Information (TS/SCI) security clearance with polygraph.
Desired Qualifications:
- Familiar with and actively participates in IT review boards.
- Provides expert recommendations to enhance IT architecture and design during reviews.
- In-depth knowledge of security policies and regulations, ensuring compliance and risk mitigation.
- Contributes to the development and implementation of technical and security standards, enhancing operational assurance through informed recommendations.
- Comprehensive understanding and application of USG standards, including Intelligence Community Directive (ICD) 503, Federal Information Processing Standards (FIPS), and National Institute of Standards and Technology (NIST) Special Publications (SP) 800-37, SP 800-39, SP 800-53, SP 800-53A, and SP 800-60.
- Certified Information Security Manager (CISM), Certified Ethical Hacker.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.