SEMCON supports the Federal Aviation Administration (FAA)'s mission, vision, and goals; and provides highly qualified, professional, technical, and managerial resources to satisfy our customer requirements.
SEMCON's company culture aligns enriching career experiences, growth opportunities, and collaborative engagement for all of our SEMCON employees which results in a rewarding environment and a company value which is greater than the sum of our parts.
We are in search of a Security Engineer who will join our team at the William J. Hughes Technical Center to support the Voice Switching and Recording (VS&R) program.
The Security Engineer's experience should include all or a combination of the following items associated with two general functions of this role:
Security implementation: hardening and ongoing maintenance
- Understand the use of operating system configuration, software configuration, and design choices to address security controls (such as NIST SP 800-53)
- Experience configuring COTS and open-source software packages
- Knowledge of CISCO IOS and configuration of security features
- Thorough technical understanding of IP networks and the OSI model.
- Experience hardening operating systems to industry standard benchmarks (e.g. CIS, STIGs)
- Experience analyzing TCP/UDP port scanning results and identifying/analyzing associated vulnerabilities
- Deep knowledge of Linux/Unix operating structure and interfaces with experience in scripting (BASH)
- Familiarity with languages such as C++, Python, and the differences between them
- Experience applying updates/patches for operating systems, applications, and device firmware
- Experience with the use of change control processes to manage system baselines
- Plan, execute and track security risk assessment process adherence, interfacing with stakeholders from other functional areas (such as other security teams) and coordinating with vendor resources to assist with remediation
- Experience building and adhering to schedules to meet security authorization milestones, reporting status on the milestones and providing solutions to schedule challenges to avoid impacts
- Experience performing analysis of 3rd party system security design at the software, operating system and network level, and documenting system security design to address NIST controls
- Thorough technical understanding of NIST SP 800-53 security controls, and participation in risk assessments of systems to NIST controls
- Experience conducting vulnerability and compliance assessments of systems using industry standard benchmarks (e.g. CIS, STIGs) with tools such as Nessus and nmap
A Master's Degree in Computer Science, Engineering, or related discipline and at least 16 years of experience is preferred.
SEMCON will offer the Security Engineer a competitive salary and complete benefits package which includes health benefits (medical, dental, vision, and life), 401K with a generous employer match, paid time off, and paid holidays. Some telework may be available.