Cybersecurity Systems Engineer

Cybersecurity Systems Engineer:

Duties and responsibilities:

1. i) Responsible for conducting in-depth assessments of the organization's cybersecurity systems, technologies, and architecture. This role involves analyzing system designs, configurations, and operational practices to identify vulnerabilities, gaps, and areas for improvement. May be involved in develop, deploy, and operate IT and operational technologies (also known as "industrial control systems"), cybersecurity-related systems, services, and tools (networks, data, software, and hardware), pertaining to cybersecurity-related initiatives. The Cybersecurity System Engineer works closely with technical teams to evaluate security controls, assess risks, and recommend solutions to enhance the overall security posture of the organization's systems and infrastructure:

(1) Conduct threat modeling exercises to identify design and operational gaps in environments, systems, and software.

(2) Perform technical cybersecurity architecture reviews and assessments across various technologies in OT and IT environments.

(3) Implement hardening standards (e.g., STIG, CIS) for hardware, operating

(4) Design and implement enterprise security technology architecture for effective operationalization.

(5) Develop resilience strategies based on a deep understanding of advanced persistent threat techniques and tactics.

(6) Manage the secure software development lifecycle and conduct software assessments, applying industry best practices (e.g., OWASP, NIST).

(7) Tooling knowledge of IT Access Control and Digital Rights Management (applications, file shares, etc.), Security Information Event Manager (SIEM), Data security and data protection software solutions, Network security software solutions platforms, Systems and Network Communication Protection (including network segmentation), System and Information Integrity, Enterprise IT Asset Management and Enterprise Patching, Secure Configuration Management (CM), System/ Enterprise Tool Evaluation and Enhancements (data flow, white- and listing, IP tracking tools, system categorization, host intrusion prevention system, Traditional and advanced antivirus protection, Microsoft (MS) Active Directory Security, Vulnerability Scanning and Remediation, Industrial Control System Security and Remediation, Secure Cloud Infrastructure, i.e., Office 365, Azure Security Portals, etc., Microsoft (MS) Active Directory Security, Artificial Intelligence and Machine Learning as it relates to Cybersecurity desired, but not required.

Required Background:

1. Bachelor s degree in Computer Science, Information Systems, Cybersecurity, or related field.
2. Formal training or certifications, as referenced in the second paragraph in the Scope of Work, in technology and cybersecurity domains with a focus on risk concepts, ideally with applied experience in a government entity.
3. Minimum of ten (10) years of progressively responsible experience in the Information Technology Security or Cybersecurity field.
4. Experience with industry standards such as NIST 800, ISO 27001, and SANS Critical Security Controls.
5. Strong understanding of cybersecurity principles, concepts, and best practices.
6. Proficiency in conducting system analysis, including assessing system architecture, configurations, and vulnerabilities.
7. Familiarity with cybersecurity tools and technologies, such as SIEM, IDS/IPS, DLP, and endpoint security solutions.
8. Ability to analyze and interpret cybersecurity data and generate actionable insights.
9. Excellent problem-solving and analytical skills, with the ability to troubleshoot complex issues.
10. Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams.
11. Experience in documenting system analysis findings, recommendations, and action plans.
12. Commitment to continuous learning and staying abreast of emerging cybersecurity trends and technologies.
13. Experience in assisting with the management of staff for administrative items, project management, QC/QA of work products, report writing, and other related matters is highly desired.