Job Description
The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types and formats of data authorized to be collected by such member agencies.
The Senior Cybersecurity Engineer is responsible for supporting OFR's Security Operations (SecOps) and Architecture team. This position will provide hands-on expertise in support of SecOps including monitoring, reporting, threat intelligence, threat hunting and incident response. This position will partner with operations and engineering teams in the design and review of projects with respect to implementation of security requirements (e.g., logging, authentication, alerting, etc.). The primary responsibility of this position will be the administration of Continuous Diagnostics and Mitigation (CDM) tools including Qualys and Forescout. Experience with Rapid7 and BigFix is also beneficial to assist in the migration to Qualys. Experience with integration of ServiceNow with CDM tools for the purpose of automation and reporting is highly desirable but not required. The candidate should also have experience with the deployment and administration of Endpoint Detection and Response (EDR) systems including CrowdStrike Falcon and Trellix HX. The engineer should have experience conducting regular audits to ensure security controls such as CrowdStrike and our Qualys vulnerability software are functioning as expected. In addition to audits, this position will test for vulnerabilities by conducting regular scans of networks using the Qualys vulnerability scanning platform and will work with third-party vendors during annual security assessments and testing.
This is a highly technical role that requires a solid understanding of security systems, capabilities, and best practices. As part of a growing team, this role will have the ability to leverage and work with new capabilities as they are deployed, including deception infrastructure, continuous penetration testing, data loss prevention (DLP), and machine learning capabilities. This role is expected to contribute to maturing the overall IR and security capability through experience and recommendations at every level of security.
Key Tasks and Responsibilities
* Extensive experience configuring, managing, and troubleshooting the Qualys VM, PC, Web Application Scanner, and Container Security modules.
* In-depth knowledge of Qualys dashboarding, reporting and data analysis functionalities.
* Experience with Qualys APIs for automation and integration purposes.
* Develop and implement security automation workflows using Qualys APIs and scripting languages (e.g., Python).
* Streamline security operations by automating repetitive tasks and integrating Qualys with other security tools.
* Proactively identify and address potential security risks within the Qualys platform.
* Continuously improve security posture by recommending and implementing best practices for Qualys usage.
* Working knowledge of Amazon Web Services (AWS) EC2 and Workspaces, VMWare virtual infrastructure, and network/security appliances.
* Coordinate with the Network Engineering team in the deployment of Forescout CounterACT.
* Experience with Simple Network Management Protocol (SNMP), SSH, Ethernet and TCP/IP protocols, IP subnetting, MAC address tables and ARP tables.
* Participate in breach and attack simulation and purple teaming exercises to stress test the incident response plans and playbooks.
* Compose and deliver executive-level reports, presentations, and postmortems for key stakeholders.
* Provide relevant, strategic recommendations to help improve the security posture of the organization during and after an incident.
* Analyze emerging threats to improve and maintain the detection and response capabilities of the organization.
o EDR/IDS/IPS
o NDR/Network
o Identity Provider (IdP) authentication policies
o Integration of threat intelligence feeds with security policy enforcement points
o SIEM and XDR detections
o Security orchestration, automation, and response (SOAR) playbook development
* Apply knowledge of monitoring, analyzing, detecting, and responding to cyber events to develop clever, efficient methods and technology to detect all types of threats.
* Document specifications, playbooks, and detections - not as an afterthought, but through the whole process.
* Work with developers to build security automation workflows, enrichments, and mitigations.
* Evaluate policies and procedures and recommend updates to management as appropriate.
Certifications
* Certifications
o Certification in Qualys or related certifications (e.g., CISSP, CISA) is a plus
o Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent
Security Clearance
* Public Trust
* Must be a US citizen
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
* This is a remote/work from home role.
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at