Today
Secret
Mid Level Career (5+ yrs experience)
$90,000 - $100,000
No Traveling
IT - Security
Saint Louis, MO (Off-Site/Hybrid)
Job Description
Develops, deploys and/or maintains enterprise-wide computing and information security requirements, policies, standards, guidelines and procedures for secure, isolated environments. Advises on a broad range of compliant information security and data protection requirements. Determines acceptability of unique configurations and verifies security parameter placement. Investigates and resolves security incidents. Participates in security assessments and audits.
• Employ best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
• Capture and refine information security requirements and ensure that the requirements are effectively integrated into information systems through purposeful security architecting, design, development, configuration and documentation for delivery to a wide customer base.
• Perform security assessments of software, including research and manual/automated testing, and document security findings and recommended mitigations.
• Provide Security Application Development, Packaging, Testing, Troubleshooting and Customer Support:
• Engineer the application to function in a secure environment, including configuration of servers and desktops.
• Identify and record security exceptions, where applicable.
• Develop efficient installation procedures. When applicable, create automated application packages.
• Test packages inside a secure environment, adhering to and ensuring approved security standard practices are followed. Security requirements are set by government guidelines.
• Write a concise installation guide with easy-to-follow technical instructions for each application that is developed and/or packaged.
o Educate team members on security best practices and participates in architecture meetings with application owners.
o Analyze security situations, environmental factors and business objectives. Advises on a broad range of information security issues and interprets data protection requirements. Contributes to or develops security plans to meet assurance or protection requirements.
o Analyze and documents computing security events. Identifies root causes, prioritizes threats and recommends and/or implements corrective action. Determines acceptability of unique configurations and verifies security profile settings. Tests and deploys risk mitigation processes and tools.
o Investigate, analyze and resolve security questions and issues. Tests and deploys incident response processes and tools. Leads or participates on incident response teams.
o Perform security compliance monitoring. Participates in security policy assessments and audits. Evaluates and tests security controls and applications. Contributes to corrective action planning
Requirements:
• Minimum DoD Interim Secret Clearance
• DoDD 8570 Certification IAT Level 2 (Security+ Recommended)
Skills/Experience
• Be very detail oriented and be able to manage priorities in a fast-paced environment
• Have solid troubleshooting skills
• Familiarity with the Department of Defense (DoD) technical security standards and Risk Management Framework (RMF)
• Have a solid understanding of:
o programming logic
o implementing APIs
o Windows NTFS permissions
o Linux file system permissions
o Security tools like Wireshark, nmap, Nessus (or other vulnerability scanning tool), Charles Proxy
o common protocols (TCP, UDP, LDAP, SSL/TLS, SSH, SCP)
• The ability to read, write, understand and follow instructions within an installation script is necessary. Must have scripting experience:
o Powershell
o Python
o Bash Scripting
o SQL
o VBscript
o HTML, XML, JSON and CSV
• Software Packaging experience:
o Understanding of MSI/MST (Windows Installer) and Installshield installations
o Wise Package Studio, Flexera Admin Studio, Orca
o Windows Operating Systems, file systems, and the Windows Registry (x86 and x64)
o Understanding how software installations work (MSI and EXE)
• Minimum Operating System experience:
o Windows 10
o Microsoft Server 2016
o RedHat Linux 7
• Systems Engineering and Administration experience:
o Splunk
o McAfee EPO
o VMware ESXi and vSphere client
o Microsoft Active Directory (AD) and Group Policy
o Windows Server services (AD, DNS, DHCP)
o UNIX/Linux Administration
o Web servers (IIS, Apache)
• Knowledge of web applications and database technologies with basic understanding of common vulnerabilities affecting these technologies (OWASP Top 10 / CWE)
• Must have DOS experience and have executed command lines from a CMD prompt
• Experience installing\configuring complex Client\Server Applications that include multiple servers and\or a database is a plus
Develops, deploys and/or maintains enterprise-wide computing and information security requirements, policies, standards, guidelines and procedures for secure, isolated environments. Advises on a broad range of compliant information security and data protection requirements. Determines acceptability of unique configurations and verifies security parameter placement. Investigates and resolves security incidents. Participates in security assessments and audits.
• Employ best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
• Capture and refine information security requirements and ensure that the requirements are effectively integrated into information systems through purposeful security architecting, design, development, configuration and documentation for delivery to a wide customer base.
• Perform security assessments of software, including research and manual/automated testing, and document security findings and recommended mitigations.
• Provide Security Application Development, Packaging, Testing, Troubleshooting and Customer Support:
• Engineer the application to function in a secure environment, including configuration of servers and desktops.
• Identify and record security exceptions, where applicable.
• Develop efficient installation procedures. When applicable, create automated application packages.
• Test packages inside a secure environment, adhering to and ensuring approved security standard practices are followed. Security requirements are set by government guidelines.
• Write a concise installation guide with easy-to-follow technical instructions for each application that is developed and/or packaged.
o Educate team members on security best practices and participates in architecture meetings with application owners.
o Analyze security situations, environmental factors and business objectives. Advises on a broad range of information security issues and interprets data protection requirements. Contributes to or develops security plans to meet assurance or protection requirements.
o Analyze and documents computing security events. Identifies root causes, prioritizes threats and recommends and/or implements corrective action. Determines acceptability of unique configurations and verifies security profile settings. Tests and deploys risk mitigation processes and tools.
o Investigate, analyze and resolve security questions and issues. Tests and deploys incident response processes and tools. Leads or participates on incident response teams.
o Perform security compliance monitoring. Participates in security policy assessments and audits. Evaluates and tests security controls and applications. Contributes to corrective action planning
Requirements:
• Minimum DoD Interim Secret Clearance
• DoDD 8570 Certification IAT Level 2 (Security+ Recommended)
Skills/Experience
• Be very detail oriented and be able to manage priorities in a fast-paced environment
• Have solid troubleshooting skills
• Familiarity with the Department of Defense (DoD) technical security standards and Risk Management Framework (RMF)
• Have a solid understanding of:
o programming logic
o implementing APIs
o Windows NTFS permissions
o Linux file system permissions
o Security tools like Wireshark, nmap, Nessus (or other vulnerability scanning tool), Charles Proxy
o common protocols (TCP, UDP, LDAP, SSL/TLS, SSH, SCP)
• The ability to read, write, understand and follow instructions within an installation script is necessary. Must have scripting experience:
o Powershell
o Python
o Bash Scripting
o SQL
o VBscript
o HTML, XML, JSON and CSV
• Software Packaging experience:
o Understanding of MSI/MST (Windows Installer) and Installshield installations
o Wise Package Studio, Flexera Admin Studio, Orca
o Windows Operating Systems, file systems, and the Windows Registry (x86 and x64)
o Understanding how software installations work (MSI and EXE)
• Minimum Operating System experience:
o Windows 10
o Microsoft Server 2016
o RedHat Linux 7
• Systems Engineering and Administration experience:
o Splunk
o McAfee EPO
o VMware ESXi and vSphere client
o Microsoft Active Directory (AD) and Group Policy
o Windows Server services (AD, DNS, DHCP)
o UNIX/Linux Administration
o Web servers (IIS, Apache)
• Knowledge of web applications and database technologies with basic understanding of common vulnerabilities affecting these technologies (OWASP Top 10 / CWE)
• Must have DOS experience and have executed command lines from a CMD prompt
• Experience installing\configuring complex Client\Server Applications that include multiple servers and\or a database is a plus
group id: apexsan
