FWG Solutions is a rapidly growing systems integrator and premier small business provider of technology services to government and commercial clients. We are a trusted provider of cybersecurity, logistics, advanced engineering and operational support services to the United States Department of Defense (DoD), Intelligence Community and Federal Civilian agencies. We are a quality driven organization that leverages its ISO 20000-1:2011, ISO 27001:2013 and CMMI Level 2 quality standards, certifications and service delivery expertise to support all of our clients.As an information systems security engineer (ISSE), you will support the customer in safeguarding networks against unauthorized modification, destruction, or disclosure. Activities include but are not limited to:· Conducting risk analysis on products reviewing CVEs, plugins, CWEs, etc;· Understanding how to explain and remediate technical security controls.· Facilitating Technical Insertions (the introduction of any new and/or improved hardware or software capabilities into an established operational system) for new products.· Reviewing change requests for security impacts and technical documentation from a security perspective.· Participates in Agile Planning Events to provide technical input.· Providing technical input into trade studies for tools.· Providing technical expertise in the implementation of technical security controls in government cloud environments (cloud security experience is highly desired).· Researching, evaluating, testing, recommending, communicating, and implementing new security software or devices.· Implementing, enforcing, and communicating internet, network, or other information security policies or security plans for data, internet, software applications, hardware, telecommunications, and computer installations.· Managing all aspects of an organization's information security system, including researching, testing, training, and implementing programs designed to safeguard sensitive information from any possible breaches.Specific to cloud environment vulnerability management:· Technical expertise in system security vulnerabilities and remediation techniques, network, and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)· Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security· Experience with vulnerability scanning and testing tools such as Burp suite, Rapid7 InsightVM, Tenable Nessus, Web Inspect, Net Sparker, DB Protect, App Detective, Prisma Cloud, Core Impact, Code DX, and similar.· Experience analyzing vulnerabilities, establishing cause and impact, and identifying the corrective action needed to eliminate and prevent the event from happening in the future.· Experienced in vulnerability validation, Pre-Production, remediation, testing for false positives, and vulnerability research skills.· Experience using at least one scripting language (e.g.: Perl, Python, PowerShell)· Experience with system administration in Windows and/or Linux.· Experience testing and operating Amazon Web Services, Azure, and/or GoogleThe ISSE supports the Information systems security officer (ISSO) in managing all aspects of an organization's information security system, including researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches. The ISSE will support the ISSO in the following activities (including but not limited to):· Conducting risk analyses from vulnerability, compliance scans, pen testing results, or other audit activity; writes including but not limited to Plan of Action and Milestones, System Security Plans, Security Control Traceability Matrices, Configuration Management Plans, Contingency Plans and Test Results, Business Impact Analyses, and Security Impact Analyses.· Submitting monthly scan data in support of FISMA scorecard compliance requirements;· Responding to data calls, scan requests, and weekly and monthly reporting requirements.Required Education, Experience, & Skills
Bachelor’s Degree with 7 years of related experience including cloud security OR 10 total years of experience in Information Assurance, and IT Security including cloud securityObtain and maintaining an IAT Level III baseline certification within (90) days of hirePreferred Education, Experience, & Skills
Desired Certifications: CISSP, CCSP, AWS-SEC, MCASEARequired Clearance: SecretThis opportunity offers career development and growth, competitive compensation, and a robust benefits package with 4 Weeks PTO w/ rollover, 11 paid holidays, company paid events and training, and 401(k) retirement plan with company match. FWG holds multiple government contracting vehicles as a Prime Contractor to include: 8(a) Set-Aside; STARS III; GSA IT-70; Army ITES-3S; and CIO-SP3. FWG Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex/gender, pregnancy, religion, age, marital status, sexual orientation, military/veteran status, disability, genetic information/history or any other personal characteristic protected by law. FWG welcomes all individuals with disabilities and protected veterans to apply for our jobs.If you require accessibility assistance for this open position, please contact the Human Resources Department at [email protected]
. VEVRAA Federal Contractor, Equal Opportunity Employer (EOE)/AA Minority/Female/Veteran/Disabled/LGBTQ are encouraged to apply.