Jr Information System Security Engineer

Jr Information System Security Engineersupports the technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations and recommends mitigation strategies. Maintains understanding of current DoD cybersecurity policy, procedures, and requirements. Supports implementation and maintenance of software and hardware solutions that enable compliance with cybersecurity requirements. Supports the development of documentation as well as the customer and third-party evaluators in support of system accreditation. Duties may include: Perform security analysis to determine gap, compensating/mitigating controls, and residual risk Identify security risks through the security impact analysis, system risk assessments and technology security risk reports Employ scripting tools such as python, shell, PowerShell, ansible, and terraform to automate auditing and hardening actions Experience with virtual machines and containerization a plus Troubleshoot and remediate issues arising from cybersecurity components (IDS/IPS, firewall, log aggregation, etc.) in a heavily Linux environment Experience with RHEL and basic networking is a plus Apply knowledge of security principles, policy, and regulations related to NIST 800-53 Conduct security compliance evaluations on IT products to create secure configuration guidelines and baselines based on DISA STIG/SRGs and organizational standards Perform security evaluations using tools such as Tenable Nessus, Nmap, Wireshark, Metasploit, and container vulnerability scanners Develop secure configuration guidelines and perform security compliant evaluations on various IT product types: Operating Systems, Network Devices, Databases, Cloud Applications, etc Organize, develop, and present security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on security assessments, whitepapers relating to computer and network security technologies and tools Effectively and efficiently communicate and collaborate with external and internal customers of any hardware and software configuration changes that adversely affect any current system security and their configurations or violates policy Implement the Cyber Security requirements of IT systems and applications documenting them in formal security engineering documents using Risk Management Framework and supporting artifacts associated with risk assessments Experience with eMASS is a plus Implement IT security solutions and assures successful implementation Experience with CI/CD is a plus Education and Experience Required: High School or GED equivalent 3-5 year relevant experience Training and Certifications: Security+ (Required) CISSP (Optional) Security Clearance: Active TS/SCI and the willingness to sit for a polygraph, if needed IC-CAP provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status.