This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description We are seeking an experienced Senior Security Engineer to remotely support our federal customer located in Clarksburg, WV. This role requires at least a Secret Security Clearance, and the primary work location is remote. Responsibilities include: - Performs security audits, risk analysis, application-level vulnerability testing, and security code reviews. - Develops and implements technical solutions to help mitigate security vulnerabilities. - Conducts research to identify new attack vectors. - Supports mainframe with scanning and other security focused operational support responsibilities. Qualifications - Bachelor’s Degree with 8 years of work experience. - Active Tier 3 Secret clearance. - 5+ years of experience performing security audits, risk analysis, application-level vulnerability testing, and security code reviews. - 5+ years of experience developing and implementing technical solutions to help mitigate security vulnerabilities. - Experience working within the Agile Methodology. - Experience in a cloud native architecture. - Experience working in a Kafka infrastructure. - Experience with container security in AWS. - Building and maintaining secure CI/CD Pipelines. - Strong understanding of federal security requirements. - Strong written and verbal communication skills. Company Description NextGen Federal Systems is an innovative technology and professional services provider specializing in advanced software solutions and comprehensive mission and business support services. We work in close collaboration with our Customers to truly understand their business and mission goals. Our approach is to design, build, implement, and manage solutions that measurably improve our client’s organizational performance. We have established and foster a corporate culture where we: - Treat employees with fairness and respect regardless of their position, tenure, race, or sexual identity. - Communicate the importance of our mission and our employees’ contributions to it, ensuring they understand how their job role contributes to the greater good. - Openly promote and communicate our ideas for change and adaptability. - Strive to achieve results as an organization. - Hold employees accountable to their commitments and provide incentives that encourage positive and productive behaviors. - Value the talents and contributions of our employees as the key factor for our success. - Create an environment where people can engage at all levels. - Encourage people to take risks and allow them to make mistakes.

• Primarily responsible for OT security event monitoring, management, and response • Create an IS reference architecture for our OT networks • Work with OT engineering team, as well as with SOC team and verify that the reference architecture fits the business processes and requirements • Work with OT engineering teams for defining security controls for their on-going projects • Provide technical guidance to the GRC team with assessing OT 3rd party vendor and supply chain • Integrate with OT engineering projects and verify that the required IS controls are properly implemented • Revise and develop processes to strengthen the current OT Security Operations Framework, review policies and highlight the challenges in managing SLAs • Perform threat management, threat modeling, identify threat vectors and develop use cases for OT security monitoring including red\blue penetrations tests • Responsible for developing, configuring, and maintaining OT security automation and orchestration IR’s and tools. • Creation of reports, dashboards, metrics for OT security operations and presentation to Sr. Mgmt. • Create required standards and procedures (i.e. IS purchasing standard, sanitization process) in coordination with all relevant stakeholders

• Perform cybersecurity risk assessments on complex, enterprise organizations. • Identify and evaluate security misconfigurations and vulnerabilities while considering compensating controls and operational needs across the aforementioned systems and services. • Analyze the potential impact and likelihood of identified risks across different environments (on-prem, cloud, hybrid). • Write highly detailed technical reports on the findings, mitigation strategies, compensating controls, and methodology that can then be digested by both an executive and technical audience. • Create and conduct technical reviews of various highly detailed cybersecurity testing reports. • Research and stay up to date with the latest testing techniques, tools, and methodologies. • Present reports to customers and discuss nuanced technical recommendations, with the expectation of leading customer presentations within 3 months. • Discuss with, collaborate with, and train teammates from the Cybersecurity Red Team around various tools and techniques associated with cybersecurity risk assessment. • Assist team members on other projects and engagements, such as Social Engineering, Network Penetration Testing, and Vulnerability Review.

• Assist in the development of compliance programs • Support the Risk Management team • Help prepare reports and documentation for audits • Collaborate with various teams to enhance security measures