Senior Information Security Engineer

The Congressional Budget Office is a small nonpartisan agency that provides independent, objective economic and budgetary analysis to the Congress. The agency seeks a senior information security engineer to manage an effective program to protect its information systems. The person in this position serves as the agency's top information security professional and reports to the chief information officer.Duties:The senior information security engineer develops and applies the tools and approach necessary to protect CBO's network and computer systems. Responsibilities include:Developing and reviewing security guidelines, policies, and procedures and enforcing compliance with them, while balancing the need to facilitate the work of CBO's analytical staff;Providing leadership in analyzing and addressing vulnerabilities and attempted intrusions and in preventing systems and data from being compromised;Conducting security reviews and risk assessments;Providing recommendations to keep the agency's enterprise architecture and network secure.Requirements:US citizenship or current permanent residents seeking citizenship.Qualifications:The position requires the following:Candidates must be able to obtain and maintain a top-secret security clearance.Strong oral and written communication skills, especially the ability to explain complex technical material clearly to senior staff, information systems professionals, and both technical and nontechnical users.The ability to organize and plan effectively.The ability to analyze and solve complex security problems that demand innovative solutions.The ability to adapt to evolving circumstances, technologies, and priorities while leading initiatives.The ability to work effectively with technical and nontechnical colleagues.The flexibility to work additional hours as required.A bachelor's degree or applicable certifications are preferred.Technical Qualifications:Candidates must have 8 to 10 years of information technology experience, with at least 5 years of recent experience in:Conducting risk analysis;Ensuring telecommunications security;Evaluating system vulnerabilities;Auditing logs;Developing information security policies and procedures.The most important requirement for this position is demonstrated expertise in a variety of security systems and technologies currently in place. Also required is recent experience with cloud security and advanced threat defense, firewall implementation and system penetration technology, malware detection, and network operating systems (the administration of Windows, Linux, or cloud operating systems is a plus). Experience with information technology security concepts, NIST 800-53 controls and requirements, and the MITRE ATT&CK framework is preferred. Significant familiarity with the following particulars is a plus: communication backbones, network protocols, LAN/WAN, servers, router configurations, network troubleshooting, data encryption methods, mobile device management and policy platforms, and monitoring and management tools.

#J-18808-Ljbffr