Senior Engineer, IT Security Architecture in Herndon, VA at Constellis

Date Posted: 10/17/2020

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Herndon, VA
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    10/17/2020

Job Description


WHY CONSTELLIS?


Are you ready for your next adventure? From down range to corporate positions around the world, we provide you with opportunities to grow your career while helping to make the world more secure.


Constellis provides opportunities across every major continent for individuals who want to build successful careers in a fast-paced, growing industry. Legal, moral and ethical business practices remain at the cornerstone of our culture and Constellis continues to be recognized for our emphasis on quality and compliance. This strong track-record of performance is supported by our deep relationships with our government and commercial customers. Our employees worldwide, the majority of whom are military or law enforcement veterans, have ambition and passion for creating a safer world. Join us to Secure Success!


RESPONSIBILITIES


The Senior Security Engineer, Architecture needs to be a self-starter with excellent analytical and problem-solving skills, flexibility, good judgment and the ability to coordinate multiple, concurrent tasks in an effective manner. This individual will work with internal team members to ensure the systems are functional, secure and scalable. The systems and networks developed will be used to collect and process data and improve the customer security infrastructure. This person will support the design and development of cybersecurity tools and technology along with integration of new architectural features into existing infrastructures while maintaining the integrity and security of enterprise-wide systems and networks.



  • Develop standard implementation tasks lists for common services/builds (web servers, DMZs, etc)

  • Oversight and approval of all enterprise change requests (excluding trouble shooting, account creation, etc)

  • Define change requests as Major or Minor

  • Track, document, architect and develop solutions for enterprise-level requirements and optimization

  • Produce system design documents

  • Support architectural analysis of cyber security features and existing system related to future needs and trends

  • Review and provide input to system requirements based on cybersecurity posture

  • Compiles industry best practices and lessons learned into future iterations and new designs

  • Provide broad based experience in IT Service Management and apply the experience to specific cyber security initiatives relating to system design, development and operations and maintenance

  • Work with the Sr. Manager to ensure current and planned systems support the overall enterprise architecture strategy and technical reference model

  • Employ measures to ensure the deployed infrastructure is secure and available

  • Advise and assist team members to deploy and configure collection services and tools

  • Oversee the operations and maintenance of the infrastructure and make recommendations to improve operations

  • Provide functional management (performance, time, etc.) of various team members; provide mentoring to all team members

  • Directly interface with customer representatives and external groups

  • Lead definition of secure-SDLC (system development lifecycle) and product security maturity model, to adopt a shift-left approach to security

  • Develop security controls and processes for products developed and deployed in cloud environments

  • Develop in-depth security architecture, design and coding standards across infrastructure, application and data security, to drive a standardized set of security requirements, and align with internal policies and meet external compliance/regulatory requirements

  • Perform threat modelling, conduct reviews of security architecture and platform/service designs, and audit source code

  • Drive open innovation in product security best practices through industry collaboration

  • Provide product security related coaching and mentoring to elevate security expertise of development teams

  • Other duties as assigned


QUALIFICATIONS



  • Bachelor's Degree required. 3 additional years of related experience beyond the minimum required may be substituted in lieu of a degree

  • 6 or more years of relevant work experience preferred

  • Security certifications: CRISC, or CISM or willingness to obtain within 9 months of start date

  • Experience coding in Java, Python, or Go and at least one scripting language

  • Knowledge of web, mobile, API, Microservices, network and security architectures and design patterns

  • Knowledge of AWS, Azure, GCP and OCI native security tools

  • Knowledge of application security concepts, best practices and methods

  • Knowledge of security best practices, principles, and common security frameworks, such as NIST, ISO, Common Criteria, TCSEC, OWASP, etc

  • Experience with data architecture, modelling and integration

  • Knowledge of security by design principles and architecture level security concepts

  • Knowledge of current and emerging security technologies, threats and techniques for exploiting security vulnerabilities

  • Experience with methodologies and tools, for threat analysis of complex systems, such as threat modelling and software fuzzing

  • Knowledge of developer tools and environments, project management and bug tracking systems

  • Experience building secure software based on frameworks such as OWASP, CWE, SANS, OpenSAMM, BSIMM

  • Experience with various application security tools including SAST, SCA, DAST, Penetration testing, Fuzzing etc


PREFERRED



  • Security+

  • Certified Ethical Hacker (CEH)

  • GIAC Certified Incident Handler (GCIH)


ABOUT CONSTELLIS


Constellis protects critical priorities safely and efficiently around the world. Operating in 40 countries and based in the Washington D.C. area, our 22,000 Constellis employees bring unparalleled dedication and passion for creating a safer world and upholding the highest standards of compliance, quality and integrity. As a leading global provider of risk management, security, humanitarian, training and operational support services to government and commercial customers worldwide, Constellis' forward thinking solutions include a range of synergistic services, including background investigations, social intelligence tools, advanced training, logistics and life support, UAV and K9 services, and crisis response mitigation. At Constellis, our number one priority is to secure success for our customers. For more information, visit www.constellis.com


BENEFITS


Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflect its commitment to creating a diverse and supportive workplace.



  • Medical, Vision & Dental Insurance

  • Paid Time-Off Program & Company Paid Holidays

  • 401(k) Retirement Plan

  • Insurance: Basic Life & Supplemental Life

  • Health & Dependent Care Flexible Spending Accounts

  • Short-Term & Long-Term Disability

  • Personal Development & Learning Opportunities

  • On-the-job Training, Skills Development & Certifications

  • Employee Referral Program

  • Corporate Sponsored Events & Community Outreach


WORKING CONDITIONS


Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are Monday-Friday from 8:00 am to 5:00 pm, however some extended or weekend hours may be required.


PHYSICAL REQUIREMENTS


May be required to lift and carry awkward items weighing up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday.