***Security - Public Trust Required***
Role: Senior Security Engineer
- Bachelor's degree in Systems Engineering, Computer Science or other engineering discipline
Role Description: The Security Architecture and Engineering team of the Bureau of Consumer Financial Protection (BCFP) Cybersecurity Program performs research, evaluations, architecture support, and security engineering over information technology products, services, and solutions to safeguard the Bureau's IT assets and data. It provides security architecture and engineering expertise across agency information technology initiatives, as well as changes to existing information technology infrastructure and services, to ensure a secure enterprise and the deployment of frictionless security controls to protect sensitive consumer financial data collected and maintained under the Bureau's Dodd Frank Consumer Protection and Wall Street Reform Act obligations.
The Senior Cybersecurity Engineer must have the experience to work closely with other Bureau T&I functions to understand the vision and direction of the information technology program, and to decompose this architecture, and associated use cases, into discrete components that can be addressed from a cybersecurity engineering standpoint. Individuals must be able to understand proposed and in-place architectures at a level that enables the identification and understanding of possible security risks, and propose solutions for risk mitigation. From a technical standpoint, individuals should understand:
- Security Baselines (e.g., STIG, CIS, USGCB)
- Zero Trust architecture
- Unified Endpoint Management (e.g., Workspace One)
- Cloud Access Security Brokers (CASB)
- Cloud models (e.g., IaaS, PaaS, SaaS)
- Trusted Internet Connection (TIC)
- Virtual Private Network (VPN)
- Orchestration (e.g., Mesosphere, Kubernetes)
- Containerization (e.g., Docker)
- Enterprise Architecture (e.g., TOGAF, DoDAF)
- Identity and Access Management (e.g., Okta, Sailpoint)
Skills: Federal Info Security Mgmt Act (FISMA)
Individuals must have the ability to take general security configuration baselines (e.g., DISA STIGs, CIS Benchmarks, etc.) and develop customized baselines to meet the agency's needs. Furthermore, the individual must be able to translate the low-level security baseline requirements into high-level FISMA/NIST requirements and agency-specific security policy. A working understanding of the National Vulnerability Database (NVD) and/or Common Vulnerability Enumeration (CVE) is also expected.
Prior hands-on experience across a wide array of technical platforms is necessary, and direct hands-on experience is preferred. Technologies may include, but are not limited to:
- Networking (e.g., Cisco, Juniper, Palo Alto)
- Operating system (e.g., Windows Server, Red Hat Linux)
- Cloud (e.g., AWS, Azure, Salesforce, Okta, O365, ServiceNow)
- Mobile technologies (e.g., iOS, Xen Mobile)
Individuals must possess hands-on experience working with the NIST 800 Special Publication series guidance related to risk management and security control implementation. These may include, but are not limited to: 800-30, 800-37, 800-53, 800-60, 800-63, 800-115, and 800-137.
Individuals must also be able to work autonomously in a fast-paced environment, with direction from Federal government team leads, or be able to oversee/coordinate the activities of a team of junior engineers. Individuals must possess strong attention to detail and strong written and oral communication skills, and be able to operate in an environment where they can defend their professional conclusions and have the confidence and knowledge to challenge others.
Individuals with technical certification preferred (e.g., CCNA, MCSE (Server), RHCSA, EBSA, or ECSS).
Bachelor's degree in Computer Science or other engineering discipline is required.