Senior Security Engineer

Washington, D.C.
Federal / Civilian – Cyber / Security /
Regular /
At Agile Defense we know that action defines the outcome and new challenges require new solutions. That’s why we always look to the future and embrace change with an unmovable spirit and the courage to build for what comes next.

Our vision is to bring adaptive innovation to support our nation's most important missions through the seamless integration of advanced technologies, elite minds, and unparalleled agility—leveraging a foundation of speed, flexibility, and ingenuity to strengthen and protect our nation’s vital interests.

Requisition #: 290

Job Title: Security Engineer III

Location: 1155 21st St NW Washington, District of Columbia 20581

Clearance Level: Active DoD - Public Trust

Required Certification(s): 
·       Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.)

XOR Security, an Agile Defense Company is currently seeking a talented Senior Network Security Engineer to support Agency-level Cybersecurity Program to streamline the current Architecture and Engineering approach with a focus on roadmap planning. The ideal candidate enjoys activities defined to be “as is” and “to be” architectures including the business, data, application and technology layers along with a high-level implementation plan.
The ideal candidate will play a pivotal role in shaping the CFTC's cybersecurity strategy, providing support to understand and develop system requirements and technical solutions based on the CFTC system architectures as follows:  Support the maturation of CFTC's enterprise architecture to align with the:  Commission's information security and risks to the organizational operations, organizational assets, and individuals  You will support the government in all aspects of planning, designing, implementing, optimizing, and troubleshooting the network security system to improve the organization's efficiency and resiliency.   You will further support the government in protecting the network from threats that could attack it, including existing dangers, mishaps, and malicious attacks.  You will develop alternative system designs and architectures and consider trade-offs between security requirements, functional/operational requirements, and cost.  You will review and describe the impact of new or changing federal policies.  You will review and describe the impact of new or revised legislation and regulations (OMB, DHS, FISMA, and more).  In coordination with Enterprise Architecture and the Architecture Review Board, you will provide cybersecurity engineering expertise to conduct technical analysis of board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms.  As a cybersecurity engineer, you will be at the forefront of technology, conducting research and presenting analyses to evaluate and/or identify and describe emerging industry technology trends, government agency best practices, and security issues.

·       Excellent communication skills, facilitating activities across organizational boundaries and communicating with technical staff, line management, and senior executives.
·       Provide technical representation in cross-organizational meetings, including external vendor meetings, architecture review boards, change control boards, and project team meetings.
·       Demonstrate ability to work with project leads and developers to identify change scopes and requirements, manage code, schedule code deployment activities, deploy code, and validate satisfactorily met requirements.
·       Demonstrate an ability to simplify complex problems using innovative concepts and automation methods.
·       To be successful in this role, you must have a hands-on security engineering and networking background, such as deploying applications in an enterprise environment, networks, routers, switches, and firewalls.
·       You must understand various identity services, networks, processing platforms, operating systems, middleware, web services and applications, data technologies, and security technologies.
·       Work cross-functionally to understand CFTC's use of IoT, ICS, VOIP, VTC technologies, AWS, Azure, and ServiceNow cloud environments.
·       Must remain knowledgeable on converging zero trust concepts, capabilities, and technologies.
·       Must remain knowledgeable of Cloud Service Providers (Azure, AWS, ServiceNow, M365, other SaaS environments), their service offering, and security best practices for each service offering.
·       Must remain knowledgeable on existing FedRAMP IaaS, PaaS, and SaaS and converging FedRAMP Ready service offerings.
·       Must remain knowledgeable of Laws, regulatory requirements, DHS directives, and agency policies, demonstrating an ability to apply the context of assigned job responsibilities.
·       Must remain knowledgeable of Cybersecurity and Infrastructure Security Agency (CISA) frameworks and models, ensuring security requirement alignment to implemented technologies.
·       Must remain knowledgeable of NIST standards and ensure standards are adhered to for new technologies and products.
·       Must maintain an ability to perform security assessments of a wide array of environments, technologies, and products.
·       Must demonstrate an ability to assess planned technology changes and determine interdependencies and impact on interconnected components.
·       Must demonstrate an ability to identify relevant security controls impacted by each change and prescribe security methods and mechanisms.
·       Must demonstrate an ability to identify potential threats associated with technological changes and articulate threat mitigations.
·       Must demonstrate an ability to identify risks associated with technological changes and articulate those risks.
·       Must demonstrate an ability to identify vulnerabilities associated with technological changes and articulate prescribed mitigations.
·       Must demonstrate an ability to manage firewalls and ensure rules are configured to prevent violability of the network explicitly.
·       Must demonstrate the ability to work with engineering team members to analyze, verify, and divest potentially no longer needed rules.
·       Must demonstrate the ability to use Visual Studio Server and follow detailed instructions for code deployments into production environments.
·       Must demonstrate the ability to use security tools to identify weak ciphers and coordinate with project teams to divest weaker ciphers and replace them with current ciphers in support of Post Quantum Cryptography efforts.
·       Must demonstrate an ability to use security tools to:
·       Identify the assets within system boundaries, verify ports protocols and services, verify security controls and posture, and implement security mechanisms.
·       Validate architectural changes, identify external communications paths and internal communications dependencies, validate system compliance and vulnerability findings, and validate credentialed access to information systems and components.
·       Must demonstrate ability to facilitate working groups with system owners, project teams, information system security officers, and security control assessors.
·       Must demonstrate the ability to provide comprehensive and accurate assets, ports, protocols, services, and architecture diagrams as evidentiary artifacts to support system boundaries.
·       Must demonstrate the ability to extract, munge, and analyze large amounts of data from security and network management tools.
·       Must demonstrate advanced ability to work with APIs, Excel, PowerBI, and other tools to render data into visualizations that are comprehensive and easy to understand.


Required Certifications
·       Current industry certification: (AWS Solutions Architect, CCNP, AWS Certified Advanced Networking Specialty, Microsoft Certified: Azure Network Engineer Associate, in addition to cybersecurity specific certification, like CISSP, CISM, CISA, etc.)

Education, Background, and Years of Experience
·       Bachelor’s Degree required (preferred Computer Science, Data Analytics, Business Information Systems, Mathematics, Statistics, or equivalent).
·       Seven (7) years or more direct, hands-on, experience and expertise in a specific domain area.


Required Skills
·       Serves as subject matter expert, possessing in-depth knowledge of a particular area, such as information security, cloud security, systems engineering, big data, or the various sciences related to enterprise technology.
·       Provides technical knowledge and analysis of highly specialized applications and operational environments, high-level functional systems analysis, design, integration, security, implementation advice on exceptionally complex problems that need extensive knowledge of the subject matter for effective implementation.
·       Participates as needed in all phases of system and software development with emphasis on the planning, analysis, security, testing, integration, documentation, and presentation phases.
·       Applies principles, methods and knowledge of the functional area of capability to specific task order requirements, advanced software, systems and security principles and methods to exceptionally difficult and narrowly defined technical problems in engineering and other scientific applications to arrive at automated solutions.

Preferred Skills
·       Visual Studio, C#, Scripting (Bash, Batch, WMI, PowerShell, KQL)
·       Familiar with Network Protocols (SSH, Secure FTP, TLS/SSL) and network encryption algorithms.
·       Strong Excel background using VLOOKUPS and other functions to parse and aggregate data.
·       Strong research and presentation skills
·       Ability to facilitate meetings and discussions for an audience with a wide range of technical skills (from very technical-to-no technical background).
·       Familiar with network security tools like (ExtraHop, Sentinel, CrowdStrike, and more)


Environmental Conditions
·       Contractor site with 0%-10% travel possible. Possible off-hours work to support data updates. General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. The onsite working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work onsite is generally performed within an office environment, with standard office equipment available.

Strength Demands
·       Sedentary – 10 lbs. Maximum lifting, occasional lift/carry of small articles.  Some occasional walking or standing may be required.   Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements
·       Stand or Sit; Repetitive Motion; See
Employees of Agile Defense are our number one priority, and the importance we place on our culture here is fundamental. Our culture is alive and evolving, but it always stays true to its roots. Here, you are valued as a family member, and we believe that we can accomplish great things together. Agile Defense has been highly successful in the past few years due to our employees and the culture we create together. What makes us Agile? We call it the 6Hs, the values that define our culture and guide everything we do. Together, these values infuse vibrancy, integrity, and a tireless work ethic into advancing the most important national security and critical civilian missions. It's how we show up every day. It's who we are.

Happy - Be Infectious.
Happiness multiplies and creates a positive and connected environment where motivation and satisfaction have an outsized effect on everything we do.

Helpful - Be Supportive.
Being helpful is the foundation of teamwork, resulting in a supportive atmosphere where collaboration flourishes, and collective success is celebrated.

Honest - Be Trustworthy.
Honesty serves as our compass, ensuring transparent communication and ethical conduct, essential to who we are and the complex domains we support.

Humble - Be Grounded.
Success is not achieved alone, humility ensures a culture of mutual respect, encouraging open communication, and a willingness to learn from one another and take on any task.

Hungry - Be Eager.
Our hunger for excellence drives an insatiable appetite for innovation and continuous improvement, propelling us forward in the face of new and unprecedented challenges.

Hustle - Be Driven.
Hustle is reflected in our relentless work ethic, where we are each committed to going above and beyond to advance the mission and achieve success.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)