Cyber Security Engineer III (Hybrid)

• Tier One Technologies is seeking a Cyber Security Engineer III to support software and system security tasks for:
  • Mail Processing Equipment and Material Handling Equipment (MPE/MPH) System and Software Security
  • Security Assessments and Patch Management
  • Network Traffic Management
• This hybrid position will be located in Merrifield, VA.
• SELECTED CANDIDATES WITHOUT REQUIRED CLEARANCE WILL BE SUBJECT TO A FEDERAL GOVERNMENT BACKGROUND INVESTIGATION TO RECEIVE IT.
• The enforced dress code is business casual, i.e., collared shirt with slacks for men, no skirts above the knee for women.

Qualified candidates will evaluate, analyze, plan, test, and provide support for the objectives described below:

MPE/MHE System and Software Security

• There are approximately 250 MPE/MHE systems that ES supports. Changes to existing systems range from software maintenance releases to large-scale mechanical and software updates (Tech Refresh programs). Also included are newly acquired MPE/MHE systems. USPS cyber security standards are developed and modified by Chief Information Security Office (CISO) and ES and are the requirements to which the MPE/MHE systems must follow.
• This objective describes the work that will be performed with ES management, system owners, and software teams to achieve cyber security design and verification goals for maintenance releases, tech refreshes, and new system acquisitions:
• Support MPE/MHE system owners and development teams in cyber security architecture reviews including initial designs, documentation, and testing. To help in this effort, the Team shall:
• Create a golden standard for each platform;
• Develop and maintain reference systems;
• Maintain centralized libraries for scripts, fixlets, and software to implement patches and security features, leveraging the BigFix software suite;
• Develop documentation – standards, test cases, requirements;
• Implement a Secure Coding process within the ES MPE/MHE DevSecOps software development process;
• Perform MPE/MHE vulnerability scans;
  Work with MPE/MHE teams on identifying timelines for remediating vulnerabilities, upgrading legacy operating systems (OS) and database applications, and implementing system changes according to new security standards on Production systems;
• Coordination of cyber security tasks with program office and engineering managers on new MPE/MHE systems, including architecture and technology assessments, and validating implementation of security requirements through test phases and security reviews.

Deliverables/Expectations

• Deliverable: Technical reports, assessments, presentations, schedules, and other written artifacts that deliver results of cyber security analysis and recommendations based on CISO and ES standards
• Expectation: Attend MPE/MHE team meetings and develop documentation in support of legacy and new MPE/MHE

• Deliverable: Support to MPE/MHE teams to design and verify cyber security requirements on Production systems
• Expectation: Approximately 70 releases/year

• Deliverable: Review and provide analysis of security requirements for new MPE/MHE
• Expectation: Approximately 5 programs/year

• Deliverable: Update the Software Security Statement of Work, as required and if there are changes in standards or applications to new environments (e.g., Artificial Intelligence, Machine Learning)
• Expectation: Approximately 2 updates/year

Security Assessments and Patch Management

• Develop best practices for cyber security and patch updates on legacy MPE/MHE systems and network designs. ES uses the HCL BigFix application to monitor, report, and install patch updates;
• Maintain ES security patch processes and documentation; ES uses the MicroFocus Solutions Business Manager (SBM) application to manage the patch process and deliverables;
• Using the ES security applications, BigFix and Forescout, and the Mail Processing Inventory Repository (MPIR) data, provide MPE/MHE patch and vulnerability reports to assist MPE/MHE development teams in planning and implementing software upgrades for required security patches;
  Analyze and provide recommendations to remediate MPE/MHE vulnerabilities and responses to Enterprise Cyber Risk Management System (ECRMS) risk assessments;
• Provide recommendations to ES management to improve the patch process and the applications used to assign, verify, and install patch releases.

Deliverables/Expectations

• Deliverable: Vulnerability reports, assessments, develop process and training documents, and other written artifacts that deliver results of analysis and recommendations
• Expectation: Work with MPE/MHE teams in support of patch updates on MPE/MHE

• Deliverable: Creation of a MPE/MHE system architecture review process to verify adherence to systems security standards during design phase
• Expectation: Review/revise the existing software security requirements

• Deliverable: Assess and provide recommendations as needed to improve the ES patch process and associated reports.
• Expectation: Learn and use the tools that manage the process; assist in implementing improvements

• Deliverable: Work with MPE/MHE teams during cyber security assessments and remediation of issues found during the assessments.
  Expectation: Approximately 40 releases/year

Network Traffic Management

• Update Mail Processing repository and other records accordingly to ensure accurate profiling for network controls;
• Validate MPE/MHE MPNACS policies and rule changes;
• Maintain detailed network connectivity requirements for each system;
• MPE/MHE RFC 1918 administration and changes;
• Development and installation of jump servers at each site for secure access to MPE/MHE.

Deliverables/Expectations

• Deliverable: Maintaining MPE/MHE configurations in the ES MPIR based on meetings with teams and other written artifacts that deliver results of analysis and recommendations
• Expectation: Update the network data in MPIR using MPNACS data and from system owners

• Deliverable: Create and maintain MPNACS policies and rules for all MPE/MHE systems.
• Expectation: Update Access Control list as required

• Deliverable: Define requirements for and coordinate installation of servers to support remote access to MPE/MHE
• Expectation: Develop requirements based on current usage and Stakeholder needs

• Bachelor’s degree in a technical specialty such as cyber security, computer science, management information systems or related IT field.
• 5-7+ years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.
• 5-7+ years of ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews.
• 5-7+ years Comprehensive understanding of change management techniques associated with new technology implementation.
• 5-7+ years demonstrating leadership ability.
• CERTIFICATIONS (One or more required): CISSP, CISM, SABSA, GIAC
• Must be able to obtain a Position of Public Trust Clearance
• Pass both a client mandated clearance process to include drug screening, criminal history check and credit check.
• All candidates must be a US Citizen or have permanent residence status (Green Card).
• Candidates must have lived in the United States for the past 5 years.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)