- Company Name
- TCG
- Job Title
- Compliance and Security Engineer
- Job Description
**Job title:** Compliance and Security Engineer
**Role Summary:**
Implement and maintain security controls for a federal agency, ensuring compliance with NIST 800‑53 Rev 5, 800‑61, and FISMA. Conduct vulnerability assessments, operate SIEM, author security documentation, automate tasks, and mentor junior analysts.
**Expectations:**
- U.S. citizen with successful federal background investigation (security clearance required).
- Availability for remote work, with occasional on‑site meetings within commuting distance of Washington, D.C.
**Key Responsibilities:**
- Run scheduled vulnerability scans (Nessus, Tenable, Qualys) on Windows, Linux, and containers; analyze results, document findings, and create POA&M remediation plans.
- Operate enterprise SIEM (Splunk, QRadar, ArcSight) to correlate alerts, conduct root‑cause investigations, and execute incident containment per NIST 800‑61.
- Draft, maintain, and update SSPs, risk assessment reports, POA&M logs, and SRTMs to align with NIST 800‑53 Rev 5 and FISMA.
- Build compliance dashboards and report status to leadership.
- Design, implement, and test NIST controls (Access Control, System & Communications Protection, Authentication).
- Perform control assessments, pre‑penetration test reviews, and validate security posture.
- Harden OSes (Windows, RHEL/CentOS, Ubuntu) and container images using CIS Benchmarks; scan for compliance.
- Review source code (Python, Ruby, Java) for OWASP/CIS violations; recommend secure coding practices.
- Automate repetitive security tasks using Python, Bash, or PowerShell.
- Embed security into CI/CD pipelines (Jenkins, GitLab, Azure DevOps).
- Mentor junior analysts on monitoring, logging, and documentation.
- Author knowledge‑base articles and conduct short training workshops.
**Required Skills:**
- ≥4 years IT security experience, including ≥2 years in a federal or ISSO‑equivalent role.
- Mastery of NIST 800‑53 Rev 5, 800‑61, and related publications.
- Proficiency with SIEM platforms (Splunk, QRadar, ArcSight).
- Experience with vulnerability scanners (Tenable, Qualys, Nexpose) and remediation planning.
- Strong monitoring/infrastructure design, dashboard creation, threshold tuning.
- Scripting in Python (or PowerShell, Bash) for automation and data extraction.
- Solid networking fundamentals (TCP/IP, DNS, HTTP/HTTPS, SSL/TLS) and troubleshooting.
- Adept at secure coding review, threat modeling, and secure deployment practices.
- Excellent communication skills for technical briefs and stakeholder reporting.
**Required Education & Certifications:**
- BA/BS in Computer Science, Information Security, or related field (or equivalent experience).
- Certifications: CISSP, CISM, or equivalent security credential preferred.
Washington, United States
Hybrid
Junior
22-11-2025