Information System Security Engineer

Belleville, United States

Electrosoft Services, Inc. is an award-winning company that provides comprehensive technology-based solutions and services to federal customers. While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions. We always seek to delight our customers, so we retain highly qualified employees and offer them meaningful work, growth opportunities, and work-life balance. What sets us apart from all other contractors is the sense of teamwork our employees feel - and the knowledge that outstanding effort is recognized and rewarded. The camaraderie we share emanates from Lunch & Learn sessions where we explore new ideas together, fun group activities ranging from escape rooms to miniature golf, and much, much more. If we've described you and your dream workplace, please apply and share in the many benefits and opportunities we offer.

Information System Security Engineer (Risk & Vulnerability Management)

Summary:

The Security Engineer - Risk & Vulnerability Management is a key member of the Information Security team, responsible for proactively identifying, assessing, and mitigating security risks associated with the organization's servers, software applications, and cloud infrastructure. This role requires a deep understanding of vulnerability management best practices and risk assessment frameworks. The Security Engineer will work closely with IT teams to ensure timely remediation of vulnerabilities and the implementation of effective security controls.

Responsibilities:

  • Risk Assessment & Management:
    • Plan, execute, and document comprehensive security risk assessments of servers (on-premise and cloud), software applications (web and desktop), and infrastructure components.
    • Analyze business impact, threat landscape, and vulnerability data to determine overall risk posture.
    • Develop and maintain a risk register, tracking identified risks, mitigation plans, and remediation progress.
    • Contribute to the development and maintenance of the organization's risk management framework.
  • Vulnerability Management:
    • Perform regular vulnerability scanning using tools such as Nessus, Qualys, Rapid7 InsightVM, or similar.
    • Analyze scan results, identify false positives, and prioritize vulnerabilities for remediation.
    • Collaborate with system administrators, developers, and other IT teams to ensure timely patching and remediation of vulnerabilities.
    • Track and report on vulnerability remediation progress.
  • Security Tooling & Automation:
    • Maintain and improve vulnerability scanning infrastructure.
    • Develop and implement automation scripts to streamline vulnerability management processes.
    • Evaluate and recommend new security tools and technologies to enhance risk assessment and vulnerability management capabilities.
  • Security Awareness & Training:
    • Develop and deliver security awareness training to IT staff and other stakeholders on risk assessment and vulnerability management best practices.
  • Compliance & Reporting:
    • Ensure compliance with relevant security standards and regulations (e.g., PCI DSS, HIPAA, GDPR).
    • Prepare reports on risk assessment findings, vulnerability remediation progress, and overall security posture.
  • Thought Leadership & Customer Engagement:
    • Research and write white papers, blog posts, or articles on emerging cyber threats, security trends, and best practices.
    • Develop actionable recommendations for customers to improve their security posture based on the latest threat intelligence and industry trends.
    • Present findings and recommendations to customers and internal stakeholders.

Basic Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 5+ years of experience in information security, with a strong focus on risk assessment and vulnerability management.
  • In-depth understanding of vulnerability management frameworks (e.g., NIST 800-53, OWASP).
  • Experience with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7 InsightVM, OpenVAS) and penetration testing tools (e.g., Metasploit, Burp Suite).
  • Strong knowledge of common operating systems (Windows, Linux), networking protocols, and web application security.
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Excellent analytical, problem-solving, and communication skills.
  • Relevant 8140 security certifications (e.g., CISSP, CISA, CISM, OSCP, CEH) preferred.
  • Experience with cloud security (AWS, Azure, GCP).
