You’ve stumbled upon the rare B Corp government contractor! At TCG, we aim to prove that businesses can be good to their employees and responsible to their community, all while being profitable. We’re an award-winning IT solutions provider to the Federal government, currently seeking a Senior Security Engineer to join our project team at a major Federal agency.

US Citizenship and the ability to pass a Federal government clearance check are required.

Although this position is currently a full-time telecommuting position, it will eventually require on-site work. The hired individual must live within commuting distance of Washington, D.C.

RESPONSIBILITIES:

  • Performing security reviews of all application code before deploying to the production environment and providing the results of the review to the MAX.gov ISSO
  • Monitoring existing COTS products and Open Source tools and products for new security vulnerabilities or patches
  • Assessing risks from identified security vulnerabilities and providing expert recommendations on mitigations
  • Reviewing software and hardware architectures for security implementations, assessing and reporting risks of these designs.
  • Daily monitoring of systems for active attacks and break-ins, ensuring reporting and tuning of these monitoring systems
  • User profiling and analysis, reporting, and active defense using Fortinet and OSS technologies
  • Monitoring and tuning system configurations to improve performance and address errors
  • Supporting development teams in implementing application-specific monitoring for availability and functionality
  • Mentoring team members on new and advanced techniques and technologies
  • Ensuring monitoring and defense against APTs
  • Fortinet WAF and firewall administration and maintenance
  • Cleaning up data spills and attending briefings on current security threats
  • Managing Blue and Red team assessments, running practice scenarios
  • Review and add defense-in-depth techniques to existing security profiles

REQUIRED SKILLS:

  • A minimum of 8 years of relevant security and technical experience
  • Independent problem-solving skills, strong analytical abilities, creativity, and a clear appreciation of end customer needs
  • Demonstrated ability with advanced code assessment tools and reviewing their results for both dynamic and static scans (OWASP, SANS, CIS, etc)
  • Experience with programming in some combination of Java/Perl/PHP/C/C++/go/Ruby/Python
  • Working knowledge of web protocols (including lower layers, packet disassembly, routing, and switching), ability to perform diagnostics, and knowledge of security best practices
  • Experience with compliance controls and security hardening for a US Government computer system at the FISMA Moderate or High levels.
  • Advanced automation skills in bash shell scripting, python, curl, etc
  • Multiple years of cross-domain experience in IT domains such as network administration, database administration, or software development
  • Demonstrated ability to communicate effectively, both orally and in writing
  • Demonstrated ability to learn new technologies and skills
  • Must be skilled at planning and organizing
  • Must be adept at prioritizing, problem assessment and problem-solving
  • Must demonstrate attention to detail and accuracy
  • Must have a strong customer service orientation
  • Must be flexible and adaptable
  • Ability to work directly with clients at all levels of an organization, including high-level internal and external stakeholders

PREFERRED SKILLS:

  • Offensive Security Certified Professional (OSCP) certification
  • Troubleshooting, debugging, and diagnostic skills in a complex IT environment
  • Familiarity with at least one Continuous Integration/Continuous Delivery (CI/CD) mechanism.
  • System administration experience building, configuring, and assessing Windows/RHEL/Ubuntu/Containers
  • Working knowledge of various security-focused enterprise toolsets
  • Experience with COTS product installation, integration & support
  • Experience with CSS and graphing libraries
  • Fortinet Firewall Administration and maintenance
  • Experience with information gathering and information monitoring, working knowledge of Risk Management Framework (RMF)
  • Ability to create system documentation for ongoing system management
  • Experience in an Agile/Scrum development environment, preferably as a team lead or scrum master
  • Proficiency with MS Excel, MS Word, and other MS Office applications

EDUCATION:

  • Bachelor’s degree preferred, preferably in Computer Science, Information Technology, or a related field. Experience may be substituted in absence of a degree.

Proof of COVID-19 vaccination is a job requirement. Reasonable accommodations may be available for those not vaccinated due to health reasons or sincerely held religious beliefs.

TCG does not discriminate on the basis of race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K match, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget, among others. There’s more, see for yourself.

TCG is recognized for treating employees well, in fact, in 2022 The Washington Post named TCG as a “Top Workplace” for the 8th straight year, and Fortune magazine named TCG on their best workplace lists for the sixth year in a row, based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff are able to achieve. And our CEO was ranked best, by virtue of TCG employees’ votes, among all midsize companies in the Washington Post Top Workplace survey.

Try us … we’ll make you happy.

Internal title/grade: Systems Engineer, Grade 7