You’ve stumbled upon the rare B Corp government contractor! At TCG, we aim to prove that businesses can be good to their employees and responsible to their community, all while being profitable. We’re an award-winning IT solutions provider to the Federal government, seeking a Senior Security Engineer to join our project team at a major Federal agency in anticipation of an upcoming award.
US Citizenship and the ability to pass a Federal government clearance check are required.
Although this position is largely a telecommuting position, occasional on-site work is required. The selected individual must live within commuting distance of Washington, D.C.
- Perform security reviews of all application code before deploying to the production environment and providing the results of the review to the MAX.gov ISSO
- Monitor existing COTS products and Open Source tools and products for new security vulnerabilities or patches
- Assess risks from identified security vulnerabilities and provide expert recommendations on mitigations
- Review software and hardware architectures for security implementations, assessing and reporting risks of these designs.
- Monitor (daily) systems for active attacks and break-ins, ensuring reporting and tuning of these monitoring systems
- Conduct user profiling and analysis, reporting, and active defense using Fortinet and OSS technologies
- Monitor and tune system configurations to improve performance and address errors
- Support development teams in implementing application-specific monitoring for availability and functionality
- Mentor team members on new and advanced techniques and technologies
- Ensure monitoring and defense against APTs
- Fortinet WAF and firewall administration and maintenance
- Clean up data spills and attend briefings on current security threats
- Manage Blue and Red team assessments, running practice scenarios
- Review and add defense-in-depth techniques to existing security profiles
- A minimum of 8 years of relevant security and technical experience
- Independent problem-solving skills, strong analytical abilities, creativity, and a clear appreciation of end customer needs
- Demonstrated ability with advanced code assessment tools and reviewing their results for both dynamic and static scans (OWASP, SANS, CIS, etc)
- Experience with programming in some combination of Java/Perl/PHP/C/C++/go/Ruby/Python
- Working knowledge of web protocols (including lower layers, packet disassembly, routing, and switching), ability to perform diagnostics, and knowledge of security best practices
- Experience with compliance controls and security hardening for a US Government computer system at the FISMA Moderate or High levels.
- Advanced automation skills in bash shell scripting, python, curl, etc
- Multiple years of cross-domain experience in IT domains such as network administration, database administration, or software development
- Demonstrated ability to communicate effectively, both orally and in writing
- Demonstrated ability to learn new technologies and skills
- Must be skilled at planning and organizing
- Must be adept at prioritizing, problem assessment, and problem-solving
- Must demonstrate attention to detail and accuracy
- Must have a strong customer service orientation
- Must be flexible and adaptable
- Ability to work directly with clients at all levels of an organization, including high-level internal and external stakeholders
- Offensive Security Certified Professional (OSCP) certification
- Troubleshooting, debugging, and diagnostic skills in a complex IT environment
- Familiarity with at least one Continuous Integration/Continuous Delivery (CI/CD) mechanism.
- System administration experience building, configuring, and assessing Windows/RHEL/Ubuntu/Containers
- Working knowledge of various security-focused enterprise toolsets
- Experience with COTS product installation, integration & support
- Experience with CSS and graphing libraries
- Fortinet Firewall Administration and maintenance
- Experience with information gathering and information monitoring, working knowledge of Risk Management Framework (RMF)
- Ability to create system documentation for ongoing system management
- Experience in an Agile/Scrum development environment, preferably as a team lead or scrum master
- Proficiency with MS Excel, MS Word, and other MS Office applications
- Bachelor’s degree preferred, preferably in Computer Science, Information Technology, or a related field. Experience may be substituted in absence of a degree.
Proof of COVID-19 vaccination is a job requirement. Reasonable accommodations may be available for those not vaccinated due to health reasons or sincerely held religious beliefs.
TCG does not discriminate on the basis of race, sex, color, religion, national origin, age, disability, caste, or veteran status.
Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget, among others. There’s more, see for yourself.
TCG is recognized for treating employees well, in fact, in 2022 The Washington Post named TCG as a “Top Workplace” for the 8th straight year, and Fortune magazine named TCG on their best workplace lists for the sixth year in a row, based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff are able to achieve. And our CEO was ranked best, by virtue of TCG employees’ votes, among all midsize companies in the Washington Post Top Workplace survey.
Try us … we’ll make you happy.
Internal title/grade: System Engineer, grade 7