Principal Security Engineer, Defensive in Herndon, VA at Constellis

Date Posted: 1/9/2021

Job Snapshot

  • Location: Herndon, VA
  • Experience: Not Specified

Job Description


Are you ready for your next adventure? From down range to corporate positions around the world, we provide you with opportunities to grow your career while helping to make the world more secure.

Constellis provides opportunities across every major continent for individuals who want to build successful careers in a fast-paced, growing industry. Legal, moral and ethical business practices remain at the cornerstone of our culture and Constellis continues to be recognized for our emphasis on quality and compliance. This strong track-record of performance is supported by our deep relationships with our government and commercial customers. Our employees worldwide, the majority of whom are military or law enforcement veterans, have ambition and passion for creating a safer world. Join us to Secure Success!


The Principal Security Engineer, Defensive (Blue Team) is responsible for incident response and investigation, including preparation, documentation, coordination with other teammates and teams, assistance with eradication and recovery, and any necessary post-incident activities. Additional duties include security technology management and design, boundary and network defense, endpoint defense, support for information security incident response, vulnerability and threat remediation, and advising counterparts on creating or updating policies, standards, and practices. The Principal Security Engineer, Defensive (Blue Team) must be able to provide forensic collection and analysis of infrastructure device logging information, as well as threat hunting tooling during active incident response engagements. Incident Response personnel are also tasked with vulnerability scanning and penetration testing duties as required, and provide input to new and existing policies, standards and practices as necessary.

  • Bring actionable cyber threat intelligence to bear to improve defenses and enable detection and response. Stay current on attack vectors witnessed and exploited in incidents, evaluate internal vulnerabilities, and proactively recommend information systems remediation.

  • Provide support in the resolution of and response to suspected and actual information security incidents, breaches, abuse or system failures. Analyze security incidents that range from highly visible to complex and subtle to determine root cause, then identify process or system changes to prevent recurrence. Recommend and perform fixes, security patches, disaster recovery procedures, and other required measures as needed to mitigate and contain incidents in progress.

  • Assure the preservation of cyber-attack evidence as appropriate. Document results.

  • Develop and document analytical models that leverage relevant data from the Insider Threat detection tools and other applicable data sources to identify anomalies potentially indicative of an insider threat.

  • Perform unique research on adversarial Tools, Techniques, and Procedures (TTPs). Document results.

  • Analyze host behavior and network traffic for anomalies during an incident. Document results.

  • Devise and drive digital forensic examinations/investigations through the entire lifecycle (case planning, intake, acquisition, examination, presentation, and disposition). Preserve evidence chain of custody and document results.

  • Conduct investigative analyses of infected hardware devices, software, and mobile applications to create investigative summaries and generate extraction reports for client/executive presentation(s).

  • Participate in red/blue/purple team exercises as needed to analyze threat scenarios and assess internal defenses. Document results.

  • Other duties as assigned


  • Bachelor's degree required. Three additional years of related experience beyond the minimum required may be substituted in lieu of a degree.

  • General knowledge of APT campaigns, Tools, Techniques, & Procedures (TTP), malware attack vectors, memory injection techniques and malware persistence mechanisms

  • 7 years' experience installing, monitoring, and maintaining Information Security solutions

  • 5 years' information system forensics experience

  • 5 years' previous incident response investigation experience (as an Incident Responder)

  • Certified Information Systems Security Professional (CISSP)

  • Excellent written and verbal communication skills, including the ability to break down complicated operations into simple steps and the ability to document procedures for use in training and operations.


  • SANS GCIH or equivalent security certification

  • SANS GIAH or equivalent security certification

  • SANS GPEN or equivalent security certification

  • SANS GIAC Certified Forensic Examiner (GCFE) or equivalent security certification



Constellis protects critical priorities safely and efficiently around the world. Operating in 40 countries and based in the Washington D.C. area, our 22,000 Constellis employees bring unparalleled dedication and passion for creating a safer world and upholding the highest standards of compliance, quality and integrity. As a leading global provider of risk management, security, humanitarian, training and operational support services to government and commercial customers worldwide, Constellis' forward-thinking solutions include a range of synergistic services, including background investigations, social intelligence tools, advanced training, logistics and life support, UAV and K9 services, and crisis response mitigation. At Constellis, our number one priority is to secure success for our customers. For more information, visit


Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflect its commitment to creating a diverse and supportive workplace.

  • Medical, Vision & Dental Insurance

  • Paid Time-Off Program & Company Paid Holidays

  • 401(k) Retirement Plan

  • Insurance: Basic Life & Supplemental Life

  • Health & Dependent Care Flexible Spending Accounts

  • Short-Term & Long-Term Disability

  • Personal Development & Learning Opportunities

  • On-the-job Training, Skills Development & Certifications

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach


Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are Monday-Friday from 8:00 am to 5:00 pm; however, some extended or weekend hours may be required.


May be required to lift and carry awkward items weighing up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday.