Security Engineer

Description

We are seeking a highly skilled Cyber Security Engineer supporting the NRO cyber operations group or Industrial Control Systems group at each site by working with the Information Security Offices to design, implement, and support defensive security solutions that safeguard mission-critical systems and data. The ideal candidate will have deep expertise in cyber threat research, vulnerability assessment, and secure software development practices. This role focuses on protecting networks, data, and applications while proactively identifying and mitigating cyber threats.

Primary Responsibilities:

• Design and implement defensive cybersecurity solutions using a combination of software and hardware tools to protect enterprise environments.
• Conduct ongoing research in cybersecurity domains to identify emerging trends, vulnerabilities, and known flaws that could impact mission-critical systems.
• Perform threat detection, identification, and incident response activities to safeguard net-centric capabilities and network assets.
• Secure development environments by applying application security architecture principles and best practices.
• Conduct security evaluations of software and systems, including web application vulnerability assessments, penetration testing, fuzzing, and malware analysis.
• Contribute to the resilience of critical missions by mitigating vulnerabilities and reducing exposure to cyber exploits.
• Collaborate with cross-functional teams to embed security throughout the software development lifecycle.

• TS/SCI w/ Poly Clearance is required
• Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or a related field, and 4+ years of relevant experience (or equivalent combination of education, certifications, and experience).
• Industry certifications (e.g., CISSP, CEH, OSCP, GSEC) may be considered in combination with education and experience.
• Strong foundation in software and hardware development for cybersecurity applications, including both offensive and defensive security solutions.
• Proficiency in coding and scripting languages (e.g., Python, C/C++, Assembly, Java) for tool creation, code analysis, and manipulation.
• Experience with cyber threat research, vulnerability discovery, and exploit analysis.
• Familiarity with malware analysis, reverse engineering, and code execution manipulation techniques.
• Experience in defensive security engineering, including data protection, network defense, and incident response.
• Demonstrated ability to conduct web application vulnerability assessments, penetration testing, fuzzing, and software security evaluations.
• Ability to work independently on complex projects with significant impact, and to coach junior technical staff.
• Strong communication skills for collaboration with internal and client-facing project teams.

• Advanced knowledge of offensive cybersecurity operations, including payload development, custom exploit creation, and tool innovation.
• Experience with cyber threat intelligence, including gathering, analyzing, and synthesizing threat data for actionable insights.
• Deep expertise in application security architecture and secure development lifecycle (SDLC) practices.
• Experience using tools for vulnerability scanning, reverse engineering (e.g., IDA Pro, Ghidra), and exploit testing.
• Familiarity with scripting for automation of cybersecurity tasks and toolchains.
• Understanding of cybersecurity frameworks (e.g., MITRE ATT&CK, NIST 800-53) and regulatory compliance requirements.
• Background in research and development methodologies to support innovation in cybersecurity capabilities.
• Industry certifications such as OSCP, CISSP, CEH, GPEN, GREM, or equivalent.