Cybersecurity Engineer/Analyst
Employment type: Full-Time position
SecureSoft Technologies LLC (SST), a small Information Security company, based in Maryland, has a need for a Cybersecurity Engineer/Analyst professional with an elevated level of personal initiative and the ability to work independently and as a member of an information system cyber and information security team.
This position requires at least 2 years' experience as a security engineer and information/cyber security professional. The candidate must be authorized to work in the US, although US Citizens are preferred.
The person in this role will be expected to have at least 2-3 years’ experience in security engineering, cyber security exposure, and experience in setting up and implementing secure operating systems, applications, and network devices such as firewalls, routers and switches. Education cannot be substituted for experience. Other experience and skills should include security monitoring of logs, data loss prevention, and eDiscovery actions. The candidate should have experience in setting up vulnerability scans with tools such as OpenVAS and/or ACAS/Nessus in virtual or non-virtual environments. Experience in vulnerability management, including implementation of resolutions to findings, including Plan of Action and Milestones (POAMs), based on DISA STIG guidelines and the DoD Security Requirements Guide (SRG), is a plus. The candidate:
- Will conduct risk and vulnerability assessment at the network, system and application level.
- Will develop and implement security controls and formulate operational risk mitigations.
- Will be involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- Will research, evaluate, and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
- Will regularly prepare security reports as well as audits and manage access management.
- Must have on-the-job experience with CMMC implementation, NIST 800-171 implementation, and Risk Management Framework (RMF) Authorization and Assessment experience, as well as research and analytical skills and the ability to pinpoint significant patterns related to cyber threats.
- Must work well independently as well as in dynamic, team-oriented environments. Must possess strong organizational, presentation, communication and critical thinking skills.
Tasks and responsibilities include:
- Develop, implement, and monitor information security measures to protect enterprise computer networks, systems, applications, and sensitive data from unauthorized access, cyber threats, and operational risks.
- Conduct security monitoring, threat detection, investigation, and incident response activities using security information and event management (SIEM) tools, endpoint protection platforms, and security analytics systems to detect, analyze, and remediate cybersecurity threats.
- Perform vulnerability assessments, risk analyses, and security testing of enterprise systems, cloud platforms, and software applications to identify security weaknesses and recommend remediation strategies.
- Support application and software security engineering initiatives by integrating secure coding practices, application security testing, and security controls into software development and deployment processes.
- Collaborate with software and application engineering teams to ensure that security controls are integrated into system architecture, software development lifecycles, and enterprise technology environments.
- Administer and maintain identity and access management (IAM) systems including role-based access control, multi-factor authentication (MFA), and single sign-on (SSO) to enforce least-privilege access and secure authentication across enterprise systems and applications.
- Monitor network traffic, system logs, and security alerts to detect anomalous activities and investigate potential cybersecurity incidents affecting enterprise infrastructure and applications.
- Configure, implement, and manage enterprise security technologies including firewalls, endpoint protection platforms, intrusion detection and prevention systems (IDS/IPS), cloud security controls, and vulnerability management tools to safeguard digital infrastructure and application environments.
- Analyze security logs and alerts generated by SIEM platforms to identify threats and coordinate response and remediation efforts across IT and security teams.
- Develop, implement, and maintain cybersecurity policies, procedures, and technical controls aligned with recognized governance, risk, and compliance (GRC) frameworks and security standards including NIST Cybersecurity Framework (NIST CSF), NIST Risk Management Framework (NIST RMF), FedRAMP, ISO/IEC 27001, ISO 9001, ISO 20000, and Cybersecurity Maturity Model Certification (CMMC).
- Support security governance, risk management, and compliance activities by participating in risk assessments, control validation, and security program implementation aligned with enterprise regulatory and operational requirements.
- Prepare and maintain security documentation including System Security Plans (SSP), policies, procedures, risk assessment reports, and security control documentation supporting regulatory compliance initiatives.
- Collaborate with internal teams, auditors, and stakeholders to support security assessments, authorization processes, and continuous monitoring activities.
- Monitor emerging cybersecurity threats, vulnerabilities, and technology trends and recommend improvements to enterprise security architecture, application security controls, and organizational cybersecurity strategies to enhance the organization’s cyber defense posture.
Must Haves:
- Knowledge of firewalls, network designs, and maintenance/expansion of a secure network environment.
- Ability to implement data network security measures.
- Ability to operate/monitor network intrusion detection tools and operate network forensic tools.
- Ability and experience in Incident Response (IR) and Endpoint Detection and Response (EDR) configuration and installs.
- Experience troubleshooting technical problems/vulnerabilities in various operating systems such as Linux and Windows, and in physical and/or virtualized environments.
- Investigative, analytical, and problem-solving skills.
- Ability to work well within a small team environment.
- Experience working with network administrators for hardening and remediation.
- Professional oral and written communication skills.
- Excellent problem-solving and analytical skills.
- Ability to appropriately balance priorities, deadlines, and deliverables.
Education and Certification Requirements:
- Master's degree in Information Technology, Computer Science, Computer Technology or a related field desired.
- CISSP or equivalent is preferred but not required.
- CompTIA Security+ or equ
- CCNA or equivalent
- CCP or CCA
- AWS AI Practitioner, and/or CGRC
Benefits:
- 401(k)
- Health insurance
- Relocation assistance
Compensation Package:
Schedule:
- 8 hour shift
- Monday to Friday
Experience:
- Linux: 1 year (Preferred)
- Cybersecurity: 1 year (Preferred)
- Information security: 1 year (Preferred)
Work Location: In person