Continuous Monitoring Security Engineer

Whether to provide important information, enable access to essential government services, or store sensitive information, information and communications technology is increasingly essential to fundamental government activities. While heightened connectivity has transformed and improved access to government, it has also increased the extent and complexity of our shared cybersecurity risk. Cyber attacks on federal government networks are growing more sophisticated, frequent, and dynamic. It is paramount that the government protects networks, systems, and information from unauthorized access or disruption while continually providing essential services to the public and protecting privacy, civil rights, and civil liberties.

The Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.

Phase One is seeking a Continuous Monitoring Security Engineer to join our growing team.

Position Responsibilities

  • Provide deployment support of products currently in the DOT environment or procured through the CDM program
  • Provide assistance to the DOT OCIO in implementing initial piloting and subsequent maturation of new products to an Initial Operating Capability (IOC)
  • Provide weekly reports and recommendations on the asset management, configuration management, patch management, and vulnerability management posture and performance of the enterprise
  • Assess the current cybersecurity architecture against all phases of the CDM program and identify gaps, analyze CDM priorities and metrics, develop strategic and transitional plans for DOT to incorporate new CDM capabilities, implement new CDM tool configurations to integrate them into the existing architecture, and support the development of the CDM dashboard and metrics
  • Provide SME support in the analysis, presentation, and reporting of DOT security information obtained as part of the CDM initiative and from continuous monitoring systems, identifying critical and high vulnerabilities
  • Provide assessment, planning, and implementation support to the DOT CDM program, consistent with OMB and DHS program requirements
  • Develop ad hoc CDM/CM reports on key metrics, white papers, position papers, and analyses
  • Support DOT in the remediation of security incidents, perform analyses on compromised assets, interview personnel, analyze incident information and activities to identify potential process improvements, and support training
  • Support the change and configuration management processes, developing presentations as appropriate, and providing recommendations to federal personnel on potential security risks
  • Provide support for the development and maintenance of office and team sites on the DOT SharePoint Intranet infrastructure
  • Establish client relationships and ensure high-quality deliverables
  • Proactively prioritize project tasks and identify project issues and risks

 

Position Requirements

  • Minimum of 5 years of experience in a federal IT and cybersecurity environment
  • Bachelor's degree in Computer Science, Engineering, Mathematics, Management Information Systems or equivalent degree
  • Experience implementing, configuring, and running reports using ArcSight, IBM BigFix, Splunk CounterACT, RES, RedSeal, and Tenable is preferred
  • Knowledge of, or experience with, the DHS CDM program is preferred
  • Experience with developing IT security metrics to facilitate compliance with federal guidelines
  • Deep understanding of compliance requirements, standards, and guidelines governing security within the federal Government (e.g., FISMA, OMB memoranda, NIST publications)
  • Ability to support daily interaction with client management about day-to-day activities and strategic direction
  • Excellent oral and written communication skills targeted at a variety of technical and non-technical audiences
  • Documentation experience with Word, PowerPoint, Visio, Excel, Project, and SharePoint
  • Ability to bring innovative ideas and exercise professional judgment within a defined business model, methodologies, and procedures
  • Industry certifications a plus
  • Candidates must be able to work on-site at federal agencies located in Washington, D.C. and must be able to obtain a U.S. federal public trust or pass a background investigation

 

