Cyber Security Engineer Senior

Work Arrangement: Hybrid

Opening: 1

Slots: 2

Position Title: DHCF - Cyber Security Engineer Senior (726125)

Client: District of Columbia

Location: Washington, DC 20024 (Hybrid)

End Date: 09/30/2024 (With Possible extension to next fiscal year)

Short Description:

DC Department of Health Care Finance is seeking to hire a experienced Security Engineer on a contract basis. The Security Engineer will be responsible for assessing, implementing, and maintaining the security measures necessary to protect the Agency

Responsibilities:

The Security Engineer will collaborate with Department of Health Care Finance Chief Information Office to identify security vulnerabilities, design, and implement security solutions, monitor security systems, and respond to security incidents impacting DHCF on-premises and cloud hosted resources. The contractor shall provide subject matter expertise in the design, development and implementation of security best practices which includes, but is not limited to, network security, application security, access control, and security policy development.

Responsibilities:

Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation of DHCF assets.

Design, implement, and manage security infrastructure and tools, including firewalls, intrusion detection systems, vulnerability management systems, antivirus systems.

Collaborate with IT teams to ensure security best practices are integrated into IT projects and operations for divisions providing services internally and externally.

Develop and maintain security policies, procedures, and standards.

Monitor security systems and respond to security incidents in a timely manner.

Provide security awareness training to employees and stakeholders.

Stay up to date with the latest security trends, threats, and technologies.

Qualifications:

Minimum of 10 years of experience working in the field of cybersecurity.

Proven experience with security assessment tools and methodologies.

In-depth knowledge of Azure security services such as Azure Security Center, Azure Firewall, Azure Active Directory, and Azure Key Vault

Understanding of network security principles, including firewalls, VPNs, and network segmentation.

Experience with security monitoring tools, log analysis, and incident response procedures in Azure environments.

Proficiency in managing user identities, access controls, and authentication methods in Azure environments.

Knowledge of regulatory requirements, compliance standards (such as GDPR, HIPAA), and governance frameworks related to cloud security.

Strong knowledge of network security, encryption, authentication methods, and security protocols.

Experience with intrusion detection systems, firewalls, and antivirus software.

Excellent problem-solving skills and attention to detail.

Strong communication skills and ability to work collaboratively with cross-functional teams.

Deliverables:

Security assessment reports detailing identified vulnerabilities and recommended remediation strategies.

Documentation of implemented security measures and configurations.

Incident reports for security incidents, including analysis, containment, eradication, recovery, and lessons learned.

Create a detailed implementation plan outlining the steps and timeline for deploying security solutions, configuring firewalls, intrusion detection systems, and other security tools.

Integrate and configure security tools, such as SIEM (Security Information and Event Management) systems, intrusion detection systems, and vulnerability scanners, for continuous monitoring and threat detection.

Develop a comprehensive incident response plan outlining procedures for identifying, containing, eradicating, recovering from, and documenting security incidents. Conduct tabletop exercises to validate the plan.

Configure network security devices, including firewalls, routers, and switches, to enforce access controls, segmentation, and threat detection.

---------------------------------------------

CONTRACT JOB DESCRIPTION

Responsibilities:

1. Expertise in implementing, administrating and operating information security technologies such as firewalls, IDS/IPS, SIEM, Antivirus, network traffic analyzers and malware analysis tools.

2. Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.

3. Develops, leads, and executes information security incident response plans.

4. Develops standard and complex IT solutions & services, driven by business requirements and industry standards.

5. May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.

Minimum Education/Certification Requirements:

BS Degree in IT, Cybersecurity, or Engineering, or equivalent experience

Required/Desired Skills:

Skill

Required / Desired

Amount years of experience

Candidate Years of Experience

Short Description

11-15 yrs. implementing, administering, and operating IS tech such as firewalls, IDS/IPS, SIEM, Antivirus, net traffic analyzers, and malware analysis

Required

11

11-15 yrs. utilizing advanced experience with scripting and tool automation such as Perl, PowerShell, Regex

Required

11

11-15 yrs. developing, leading, and executing information security incident response plans

Required

11

11-15 yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standards

Required

11

BS Degree in IT, Cybersecurity, Engineering, or equivalent experience

Required

11