NS2 Cloud Information System Security Engineer (ISSE)
Location: Herndon, VA, US
Work Area: Information Technology
Expected Travel: 0 - 10%
Career Status: Professional
Employment Type: Regular Full Time
SAP is the global market leader for business software and related services, and SAP National Security Services Inc.® (SAP NS2®) is an independent U.S. subsidiary, offering SAP solutions with specialized levels of security and support to meet the requirements of U.S. national security and critical infrastructure customers.
The Security Team Engineer will be responsible for the Enterprise Security Management, maintenance, and architecture of the IT Security Infrastructure for Public-Sector SaaS/IaaS Cloud-Computing platforms, including the installation, configuration, upgrade, patching, maintenance and monitoring, DDoS mitigation, and intrusion prevention and detection lifecycles.
All Security Team participants will ensure proper configuration of all firewall, IDS/IPS, Identity Management, SIEM and Security Forensics landscapes, including, but not limited to, Cisco Sourcefire/HP TippingPoint or relevant enterprise IDS/IPS experience, Splunk, TippingPoint, Tripwire, Encryption and Monitoring Tools, to support the requirements of a FedRAMP-compliant cloud.
This role serves as a "hands-on" technical staff person who provides technical cyber and information security architecture expertise and guidance to team members and collaborates with other IT teams to address and resolve security issues.
EXPECTATIONS AND TASKS
- Expert & Consultation: Functions as a consultant to other Infrastructure groups as an Infrastructure Cyber Security expert;
- Forecasts system capacity needs, prioritizes work based on departmental priorities and system criticality, functions as an inter/intra-group liaison, performs complex analysis, proactively identifies problems and makes recommendations regarding solutions, and maintains responsibility for end-user (customer) satisfaction;
- Proactively monitors, tests, collects and analyzes system performance statistical data to improve quality & ensure optimal performance of all Storage environments;
- Creates and maintains documentation as it relates to infrastructure systems, design, configuration, support and processes;
- Diagnoses and resolves complex configuration and bottleneck issues within a complex application & systems infrastructure;
- Provides 24x7 L4/L5 escalation support for all Security Infrastructure platforms on a rotational basis;
- Maintains reports on Security Systems utilization, availability and growth patterns;
- Demonstrates experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems;
- Plans and performs comprehensive systems analysis and design activities including development of detailed functional requirements for new information technology systems, applications or software;
- Provides in-depth knowledge of leading-edge security tools and techniques for mitigating system vulnerabilities;
- Responsible for designing and deploying HIDS, NIDS and various related security tool sets;
- Responsible for deploying and managing a network and security operations command center to include operation of firewalls, Intrusion Detection Systems, and 24x7 monitoring of these networks;
- Reviews legislative documents for regulatory changes, customer requests, requirements and proposals for system development and/or changes, computes and estimates resources needed to prepare and manage Service Level Agreements (SLA);
- Serves as an expert and consultant to higher management officials and executive level management within and outside the organization to provide advice on integrating information security technology programs and functions to meet the needs of the Cloud;
- Demonstrates experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks (not all required);
- Possesses solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components;
- Possesses solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures;
- Demonstrates experience in assessing, configuring, and testing security applications and systems, such as Cisco Sourcefire firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security;
- Possesses ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff;
- Exhibits demonstrated leadership ability;
- Possesses excellent communication skills and the proven ability to work effectively with all levels of IT and business management;
- Conducts research, cost-benefit and return-on-investment analysis on proposed hardware, software and systems to justify recommendations, support purchasing efforts and in making infrastructure design and architecture decisions;
- Investigates failures to find the root cause and drive resolution;
- Maintains proper documentation of all activities;
- Promotes teamwork, which includes, but is not limited to, encouraging others' participation in problem resolution and project-oriented tasks;
- Responsible for Security-related and maintainability audit of all new environments or environmental updates;
- Ensures lower-level engineers receive appropriate direction and training;
- Possesses skill in preparing and making written and oral presentations of complex technical and program management information to all levels involved.
EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES
- BA/BS in Computer Science, Information Technology, Business, or any other field or equivalent experience in Information Security, Information Technology, or related technical discipline;
- Strong organizational skills and prior experience in a similar role as Engineer, Lead or Architect;
- Proficient level UNIX computer skills; Basic Scripting: Perl, Python, Shell;
- Infrastructure and Orchestration/Automation Experience preferred: Tripwire, IDS and IPS sensor tuning;
- Must possess at least two professional industry certifications in area of expertise. These could be:
  - AWS Certificate
  - Cloud Security Certification
  - Vendor certification (CCNA, etc.)
- Mastery of Encryption Mechanisms/Techniques and state-of-art applications; Security Controls; Network Intrusion Detection; Configuration Management; Firewall Management; System Security Configurations; Patch management; and Network Infrastructure Security; and
- Ability to meet stringent deadlines and handle multiple tasks.
- U.S. Citizenship is required.
- Must be Dept. of Defense Directive 8570.1 compliant (CISSP or equivalent certification for acceptance).
- All internals must have manager’s approval to transfer.