Previous Job
Information Security Engineer
Ref No.: 22-00043

Are you passionate about technology? Join our growing team! AboutWeb, an award-winning IT solutions company, has been providing excellence in product development, application design, and cybersecurity solutions, since 1998. We are a diverse blend of engineers, developers, and cybersecurity professionals, providing cutting-edge solutions to real-world issues and solving problems for clients.
AboutWeb is a subsidiary of Penacity, LLC.

Job Title: Information Security Engineer (ISE)

Location: Remote

Clearance: Active Public Trust

The Information Security Engineer (ISE) includes aspects of the S ecurity E ngineering enterprise that protect information and information systems from unauthorized system activity or behavior to provide confidentiality, integrity, and availability for all systems within scope.

The ISE will have a good understanding of maintenance of an enterprise IT infrastructure model, definition and construction of common components and system service, technology insertion, system performance standards, data and system integration, interface engineering, standardization, quality assessments, system migration, consolidation, system retirement and operations.

The ISE is responsible for maintaining the security engineering and compliance of the OCIO systems under the Department control. This task provides technical security expertise for CISO sponsored capabilities, including but not limited to:

· Ensures multiple software components, hardware components, communication components, and processes and integration components across a project are designed and implemented to create a single functioning system that can deliver the business functionality proposed; IT security is embedded and threaded throughout the IT architecture for a project.

· Manage the application to include all requirements beyond the base OS . This includes but is not limited to: a) Hardware performance tuning, b) SQL server management, c) Verifying backups, d) Tuning policies, e) Managing and maintaining exclusions, f) Software optimizations, g) Endpoint agent installs and upgrades, h) Troubleshooting, and i) maintaining documentation.

· Support operations and maintenance of FISMA Moderate system "Cybersecurity Data Lake (CDL), includes Cybersecurity data management capabilities to support: SIEM, CDM, ISCM, vulnerability management, orchestration, and others. Maintain the model that analyzes the current and estimated investment, and operations and maintenance (O&M) costs for the project team and identifies potential cost savings.

· M aintain implementation of security controls for IAS Tools ( i.e. Encase, Red Seal, Varonis, EDCDL) and keep the security risk of system at acceptable level in accordance with the DoED authorization official.

Our Qualifications, Skills, and Experience for this role include :

Required Qualifications: Must meet the following Qualifications :

· Bachelor's degree in computer science, information technology or related field.

· U.S. Citizenship or Green Card

· CISSP, 10+ years of cyber security experience

· Have a Public Trust, as a minimum, or be clearable

Desirable Skills and Experience including:

· Previous work experience as a System Administrator, Security Engineer, and/or Developer

· Advanced knowledge of Windows and Linux

· Maintain and be familiar with implementation of security controls for IAS Tools ( i.e. Encase, Red Seal, Varonis, EDCDL)

· Manage and maintain the toolsets required for the SIEM and SOC monitoring to include installation, configuration, adherence to compliance, patching and other maintenance, and updating of documentation and procedures, with tuning

· Knowledge in NIST Risk Management Framework (RMF), NIST sp 800-37

· Experience in Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring Tools Support

· Support Operations & Maintenance of FISMA Moderate system and High Value FISMA systems

· Excellent leadership, mentoring and problem-solving skills

· Demonstrated ability to coordinate with system security, privacy officers, or data governance,

· Advise authorizing officials, chief information officers, senior accountable officials for risk management or risk executive (function), senior agency information security officers, and senior agency officials for privacy on a range of security and privacy issues.

· Excellent interpersonal skills and the ability to build and maintain effective working relationships

· Excellent oral and written communication skills

· Must be highly organized

· Ability to plan, organize in a high operations tempo office with multiple tasks and project deadlines

Working Knowledge and Hand s on Experience including:

· Enterprise Security Standards, Design Patterns, and Procedures

· Enterprise Security Architecture Processes and Methodology

· SecDevOps Support and Security Automation

· Software Code Review

· M-21-31

· Cybersecurity Data Lake Management and Maintenance



· Hardening Guides and Application Benchmarks

· Workstation and Server Software Security Testing

· PII and / or Sensitive Personally Identifiable Information (SPII):

If you are interested in applying for this job, or if you know someone who is (we offer referral bonuses), please get in touch with us at