Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google, Oracle and Federal agencies. Coalfire has been a cybersecurity thought leader for nearly 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges.

We’re growing rapidly and are currently seeking a Senior Security Engineer to join our Coalfire Federal team. 

Coalfire Federal is is seeking a Security Engineer to support the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) Program. The Program provides cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their respective security posture. CDM is a large, DHS-managed program which is comprised of several large contracts and various services.

The Security Engineer will apply their knowledge to scrutinize the security architecture, implementation, deployment, and operations of the CDM Dashboard and define/implement plans of action, processes, and procedures. As Security Engineer, you will have opportunities to master and serve as a reference in one or more technical domains such as network protocols/security, hardware security, software engineering, virtualization, and operating systems. This individual will be responsible for evaluating the security of the dashboard under this new program initiative in order to satisfy program requirements, and prevent attack, damage, or unauthorized access.

• Providing security technical expertise and management of security engineers, processes and procedures across the CDM Dashboard Ecosystem program
• Providing technical expertise for all CDM Dashboard Ecosystem security matters in technical domains such as network protocols/security, hardware security, software engineering, virtualization, and operating systems
• Providing technical expertise and management in order to maintain DHS Authority to Operate (ATO) of the CDM Dashboard Ecosystem
• Applying their in depth knowledge to scrutinize the security architecture, implementation, deployment, and operations of the CDM Dashboard Ecosystem and define/implement plans of action, processes, and procedures.
• Evaluating the security of the CDM Dashboard Ecosystem in order to satisfy DHS security controls, program requirements, and prevent attack, damage, or unauthorized access
• Manage operational security tasks such as Incident Response and Continuous Monitoring practices
• Manage and facilitate Incident Response and Disaster Recovery Table Top Exercises as needed
• In depth understanding of general information security concepts and principles, system architectures and development, network protocols, etc.
• Strong understanding of NIST SP 800 Series with focus on Risk Management Framework Lifecycle.
• In depth experience with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) criteria
• Ability to build and maintain relationships with various IT Security Stakeholders
• Strong mentorship and ability to train and elevate skillset of Junior Engineers
• Ability to analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
• Ability to review vulnerability assessment data to identify technical risks to the organization and make suggestions on mitigating actions.
• Strong communication skills.
• Minimum of five (5) and up to ten (10) years of cybersecurity experience, including experience with DHS programs
• Bachelor's degree (four-year college or university) in Computer Networks, Cybersecurity, Computer Science, or Information Systems / Technology.

• Security testing of IT products
• Knowledge of network protocols (e.g. TLS/SSL, SSH, IKE, SRTP, SNMP)
• Knowledge of information security (e.g. authentication, access control, network security)
• Knowledge of cryptography and the FIPS 140-x family of standards
• Knowledge of the Common Criteria family of standards
• Knowledge of the US security testing programs and evaluation schemes, and of the applicable requirements and standards relevant to them
• Experience with configuration and maintenance of IT Service Management (ITSM) tools such as Atlassian Jira in a production environment supporting Event Management, Incident Management, Problem Management, and Change Management
• Experience implementing and executing work using the Scaled Agile Framework (SAFe)
• Experience with supporting the ELK (Elasticsearch, Kibana, Logstash) Stack in non-production and production environments
• Experience with a SIEM tool such as Splunk desirable (i.e. creating queries, dashboards)
• Experience using Regex in searches to extract data from log files being ingested into a SIEM tool such as Splunk 

Passionate problem-solvers who are hungry to learn, grow, and contribute. That’s what it takes to be a part of the Coalfire team. We work together to tackle the toughest cybersecurity challenges and help our clients become more secure and successful. We are trusted advisors who are committed to shaping our industry. At Coalfire, our people have the opportunity to expand their minds and skills, build meaningful relationships with the industry’s smartest minds, and have a direct impact on our company’s success. 

Along with energetic culture and supportive environment, you’ll have the flexibility to balance your personal and work life and grow personally and professionally. We work hard, and we play hard – and the two often overlap, and we’re active in our communities. Plus, we offer great benefits, including:

• Health, dental, and vision insurance with an employer contribution
• Flexible paid time off (employees are encouraged to spend four weeks away from the office each year)
• A generous 401(k) plan
• A corporate wellness program
• Stock Appreciation Rights (SARs)
• Tuition reimbursement
• Certification reimbursement

Coalfire is an EEO employer. We celebrate diversity and are committed to respecting one another, embracing individual differences, and creating an inclusive environment for all employees.

https://www.coalfire.com/privacy/ca_policy_employee