Sr. Cyber Security Engineer (Web Application and Cloud Security)

Mindlance

Reston, VA

JOB DETAILS
SKILLS
Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Architectural Design, Benchmarking, Best Practices, Business Strategy, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Applications, Cloud Computing, Code Reviews, Communication Skills, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Cryptography, DevOps, ISO (International Organization for Standardization), Information Technology & Information Systems, Internet Application, Internet Security, Leadership, Penetration Testing, Policy Development, Presentation/Verbal Skills, Problem Solving Skills, Procedure Development, Project/Program Management, Quality Assurance Methodology, Secure Coding, Security Infrastructure, Software Development Lifecycle (SDLC), Software Engineering, Strategic Planning, System Architecture, Systems Administration/Management, Team Player, Telecommunications, Test Tools, Threat Modeling, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Reston, VA
POSTED
Today
Hybrid at Reston, VA

2nd Round In-Person - MUST

PURPOSE:

Develops and implements security solutions. Administers security technology systems by architecting and engineering/developing trusted systems into secure systems. Assists in the development of implementation and deployment plans that are aligned to the organizational strategic plan objectives and security requirements. Advises management in developing cybersecurity policies, processes, and procedures.

ESSENTIAL FUNCTIONS:
20% Assists with day-to-day support of security solutions.
20% Assists with engineering support and system administration of specialized cybersecurity solutions.
15% Solves complex problems and answers routine questions about the installation, operation, configuration, and customization of cybersecurity software.
15% Identifies potential conflicts with the implementation of any cybersecurity solutions.
10% Answers routine questions about the installation, operation, configuration, and customization of cybersecurity solutions.
10% Reviews and analyzes appropriate cybersecurity solution system logs for performance and functional anomalies.
10% Works with system design architects and project managers to provide security requirements.

Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable
accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education Level: Bachelor's Degree

Education Details: Computer Science, Information Technology, or related field

Experience: 5 plus years relevant IT security experience

In Lieu of Education
In lieu of a bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

Preferred Qualifications
Senior Cybersecurity Engineer

" Strong hands-on experience in Application security, secure SDLC, DevSecOps , Cloud Security and vulnerability management.
" Deep understanding of OWASP top 10, API security top 10, common vulnerability classes, secure coding practices, and modern exploit techniques.
" Hands-on experience with security testing tools and techniques, including SAST, DAST, IAST, SCA, manual penetration testing, secure code review, and threat modeling.
" Extensive experience with CNAPP, CSPM, KSPM, CWPP or cloud native security platforms, preferably tools such as Wiz, CrowdStrike or similar solutions.
" Hands-on experience securing cloud environments, preferable AWS, including services such as IAM, EC2, S3, Lamda, EKS, CloudTrail, Security Hub, Guard Duty, or similar services.
" Deep knowledge of Kubernetes and container security, including Amazon EKS, pod security, RBAC, network policies, image security, runtime security, and container hardening best practices.
" Direct experience mapping application and cloud native controls to frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC2, CIS Benchmarks, MITRE Telecommunication&CK or similar frameworks.
" Strong working knowledge of CI/CD platforms, DevOps toolchain and secure pipeline practices, including building security, artifact management, secrets protection, and code signing.
" Experience working directly with development teams to explain security findings, recommend practical remediation and validation fixes.
" Hands-on experience securing AWS cloud environments, including strong understanding of IAM, networking, logging, monitoring, encryption, workload security, and cloud security posture management.
" Experience with infrastructure-as-code and policy-as-code practices using tools such as Terraform, Helm, CloudFormation s, Rego/OPA or similar technologies.
" Strong written and verbal communication skills, with the ability to translate complex technical risks into clear recommendations for developers, architects, leadership and governance stakeholders.
" Security certifications such as CISSP, AWS certified Security-specialty, CISA, GWEB or similar credentials are preferred.

Licenses/Certifications
CISSP Certified Information Systems Security Professional Upon Hire Req or
CISM - Certified Information Security Manager Upon Hire Req or
Certified Ethical Hacker (CEH) Upon Hire Req or
Certified Information Systems Auditor (CISA) Upon Hire Req

EEO:
Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.

About the Company

M

Mindlance