Cyber Security Engineer, Mid-level

As a Mid-level Cyber Security Engineer at Dark Wolf Solutions, your key responsibilities will include supporting the accreditation activities to maintain Authority-to-Operate for networks, performing security assessments of cloud and on-prem environments, as well as implementing compliance with government cybersecurity frameworks. You will also monitor systems for vulnerabilities and threats, conduct vulnerability management, and aid in the continuous integration processes.

To be considered for the Mid-level Cyber Security Engineer position at Dark Wolf Solutions, candidates must possess a minimum of 3 years of experience with NIST SP 800-53 and the Risk Management Framework, as well as advanced experience in securing and maintaining Linux devices. Additionally, an active Secret security clearance, knowledge of vulnerability management tools, and a high school diploma are required. Desirable qualifications include relevant certifications and a Bachelor's degree in Computer Science or Cybersecurity.

Critical thinking and advanced troubleshooting skills are essential for a Mid-level Cyber Security Engineer at Dark Wolf Solutions. Also, proficiency in endpoint device monitoring, experience with enterprise configuration automation, and familiarity with security standards such as DISA STIGs will significantly enhance your application. Experience with the ELK stack and familiarity with cloud security will be advantageous.

Candidates applying for the Mid-level Cyber Security Engineer role at Dark Wolf Solutions should be familiar with tools such as the Tenable Nessus for vulnerability management, and configuration management tools like Terraform or Ansible. Experience with cloud security assessments and using the Palo Alto or Cisco devices will also be crucial.

The work environment at Dark Wolf Solutions for Mid-level Cyber Security Engineers is vibrant and collaborative, located in the Discovery District at The University of Maryland’s campus in College Park, MD. Employees typically work onsite three days a week, providing a great balance of teamwork and innovation within a high-paced cybersecurity context.

In my previous roles, I have diligently implemented various controls outlined in the NIST SP 800-53 framework, focusing on risk management and compliance. I ensured that our systems met the necessary guidelines for security categorization and access control, thereby directly contributing to maintaining Authority-to-Operate compliance. I emphasize tailoring these standards to meet the specific security needs of the organization.

My approach to identifying and addressing network vulnerabilities begins with regularly scheduled scans using tools like Tenable Nessus. Once vulnerabilities are identified, I prioritize them based on risk and impact, collaborating with stakeholders for timely remediation and enhancing security posture. Continuous monitoring and regular updates are crucial in this process, ensuring we stay ahead of potential threats.

I once encountered a sophisticated phishing attack that targeted multiple employees. Recognizing the urgency, I quickly coordinated with our IT team to implement stronger email filters and conduct an organization-wide awareness campaign. We analyzed the attack’s entry points and adjusted our monitoring tools accordingly, greatly reducing the chances of a repeat occurrence.

Ensuring compliance with DoD Cybersecurity policies involves a meticulous process of staying informed on the latest guidelines and frameworks. In prior positions, I actively participated in A&A documentation and compliance checks, utilizing various government frameworks to advise and execute necessary security measures that align with policy mandates.

I have extensive experience in managing Linux-based systems, including service management, user account oversight, and implementing security protocols such as encryption. Regular system auditing and vulnerability assessments have been a core part of my Linux management responsibilities to ensure ongoing compliance and security integrity.

I employ a combination of automated monitoring tools like the ELK stack alongside manual auditing processes. By evaluating logs for anomalies and suspicious activities, I can take proactive measures to safeguard our systems. Regular reviews of our configurations and permissions are part of my routine to maintain compliance and security standards.

My work with cloud security includes assessing security configurations and compliance against established standards, such as DISA STIGs. Utilizing vulnerability management tools, I regularly conduct audits and implement remediation steps to ensure that cloud resources maintain the highest security levels throughout their lifecycle.

Teamwork is vital in cybersecurity, as collaboration fosters diverse perspectives and innovative solutions. I regularly engage in team discussions and brainstorming sessions to address security challenges, valuing the insights my colleagues bring in terms of experience and expertise in various areas of cybersecurity.

To keep abreast of the latest trends and threats in cybersecurity, I subscribe to relevant industry newsletters, follow influential cybersecurity blogs and participate in forums and webinars. Networking with peers and attending conferences allows me to exchange ideas and strategies that can inform my work.

I hold several relevant certifications such as Security+ and CEH, which validate my knowledge of cybersecurity principles and practices. I believe in continuous learning, so I am actively pursuing additional certifications that align with my career growth and the evolving landscape of cybersecurity technologies.