TechnoGen
Sr. Security Engineer
TechnoGen, Rockville, Maryland, US, 20849
Duration: Very long-term contract (5 years)
Location: Rockville, MD - Hybrid. DMV-area candidates preferred.
End Client: Federal
Note: We are looking for candidates within HHS/HRSA or other federal agencies who have an active PIV card or have held a PIV card before. This JD fits only people who have federal experience: prior experience with HRSA, HHS and other government agencies.
Responsibilities:
- Ability to develop and maintain system security plans.
- Ability to work closely with the development team to identify and support all security requirements/policies.
- Conduct assessments to identify risks, threats and vulnerabilities in existing and proposed systems. Remediate issues by working with technical teams.
- Maintain compliance with the latest federal security protocols, policies and regulations. Advise leadership on required changes.
- Design, implement and upgrade security solutions focused on access controls, encryption, intrusion prevention, etc. to protect federal health platforms.
- Support security audits and compliance with standards like HIPAA, NIST, FISMA. Demonstrate efficacy of controls.
- Lead projects to enhance IT security, risk management, incident response and disaster recovery.
- Research and recommend cybersecurity tools and practices to address emerging threats to health data and connected systems.
- Develop, execute and optimize security strategies and measures to protect networks, infrastructure, systems and information.
- Conduct assessments to identify vulnerabilities. Implement preventive security measures.
- Monitor systems for security threats and respond effectively to incidents.
- Continuously upgrade security knowledge on the latest threats and technologies. Recommend enhancements.
- Educate staff and users on security best practices.
- Maintain highly secure systems and networks through testing, audits and compliance.
- Collaborate with IT teams to incorporate security into system design and implementation.
- Ability to maintain the security findings and reports in the report tracking system.

Key aspects for security Policy and Control Assessments:
- Review existing security posture and assess the maturity level of current information security controls.
- Review whether security policies are being followed and whether procedures are adequate to mitigate and manage risk.
- Examine system configurations on servers, network devices, and applications to check for misconfigurations.
- Perform VAPT (Vulnerability Scanning Analysis and Penetration Testing).
- Review system logs.
Qualifications:
This role requires understanding both IT infrastructure and information security disciplines.
Education:
- Bachelor's degree in computer science, cybersecurity, information systems, or related field

Certifications:
- Security+ CE
- CISSP
- CISA
- CCSP
- OSCP

Experience:
- 7+ years experience in IT and cybersecurity
- Experience with system hardening, firewalls, IDS/IPS, SIEMs, vulnerability assessments
- Experience securing Windows/Linux servers and networking equipment
- Implementing security frameworks like NIST, FISMA, RMF
- Supporting Authority to Operate (ATO) processes and POA&Ms
- Working in federally compliant environments (HIPAA, ITAR, FERPA etc.) (Preferred)
Required Skills & Knowledge:
- Knowledge of security protocols like FISMA, HIPAA, NIST-800-53 etc.
- Experience with network security assessment
- Evaluating the security posture of a network infrastructure, including firewalls, routers
- Understanding and knowledge of network protocols, OS, security tools, app development practice
- Identify and prioritize security risks
- Skills to interpret data from assessments and identify trends to make informed security recommendations
- Experience managing several cybersecurity tools, including Configuration Assessment, Log Aggregation, Integrity Verification, Web Application Security Testing, Network Access Control System, Network Intrusion Prevention Systems, and Endpoint Security Solutions
- Experience operating vulnerability scanning tools like Nessus
- Prepare risk-based test plans and perform the security testing (tool-based testing, manual penetration testing, source code review, etc.) on the different layers of those information systems with the technical team
- Knowledge of Tenable & Archer
Best Regards,
Yamini D
Talent Acquisition Specialist
yamini.d@technogeninc.com
Web: www.technogeninc.com
4229 Lafayette Center Dr, Suite 1880, Chantilly, VA 20151