Labor Category Description for DCSA Security Engineer
Labor Category Name
DCSA Security Engineer
Clearance Requirements
TOP SECRET security clearance/eligibility determination based on a favorably adjudicated T5 or T5R
Qualifications
Required Qualifications include:
- CompTIA Security+ CE certification required
- Bachelor’s Degree in a related field (e.g. Computer Science, Business Administration, etc.)
- Minimum 4-6 years of hands-on experience in cyber security roles, with a strong foundation in network security, vulnerability management, and incident response
- Minimum 4-6 years of hands-on experience conducting risk assessments, developing security policies, and ensuring compliance with regulatory and DoD standards
- Must be proficient in implementing and managing security controls across diverse IT environments
- Must be able to work onsite at DSCA office in Washington, DC. Telework may also be available at the discretion of the government.
Desired Qualifications include:
- Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM) certification preferred
- In-depth understanding of technologies such as Microsoft .NET, Windows Presentation Foundation (WPF), Windows Communication Foundation (WCF), Entity Framework (EF), SQL Server, etc.
Duties & Responsibilities
- The DCSA Security Engineer's duties include implementing and managing robust security solutions such as firewalls, IDS/IPS systems, and VPNs to safeguard organizational networks and systems. Conducting thorough vulnerability assessments, penetration testing, and security audits to identify and mitigate potential risks is routine.
- Responding to security incidents, conducting forensic analysis, and recommending preventive measures are crucial responsibilities. Ensuring compliance with regulatory standards through the development and maintenance of security policies and procedures is essential. Collaborating closely with cross-functional teams, providing security guidance and support, and promoting security awareness and training are also key aspects of the role. Staying abreast of emerging cyber threats and technologies allows for proactive adaptation of security measures, ensuring robust protection of organizational assets and data.
- The DCSA Security Engineer ensures client software and browser-based solutions are compliant with DCSA’s end-to-end security standards, including data encryption at rest and in transit. Transitory data on a client must be encrypted or deleted immediately to ensure minimal risk of inadvertent exposure. All user-oriented security solutions must be role-based and PIV-enabled, and may be based on the emerging PSS PMO Identity Access Management (IDAM) solution. Security solutions should be designed and implemented end-to-end from the PIPs WebSphere environment to the local JAVA (or other relevant) code on the client using encryption, PIV, and WebSphere and client security tools and APIs.
- Provide weekly reports and triage summaries.
Deliverables
- The DCSA Scrum Master/Requirements Analyst must ensure the on-time delivery and acceptance of Remedy & closure of security vulnerability/POA&Ms.
- Provide Weekly Status Reports that document all weekly activities.
Reports To
DCSA Project Manager
Location
US Office of Personnel Management Theodore Roosevelt Building (TRB) 1900 E Street NW Washington, DC 20415
Telework may also be available at the discretion of the government.