ZERO TRUST SYSTEMS ENGINEER: Senior Level
Location: Chantilly, VA US
Security Clearance Requirement: TS/SCI with Full Scope Polygraph
Clearance Status: Must be Current
JOB DESCRIPTION:
If you are looking for a position that is different from your normal network / cyber security
position, please keep reading. Inferno Systems is looking for a ZeroTrust Systems
Engineer who is familiar with both network defense and offensive techniques to support
ongoing operations and secure our customers' networks. We are looking for engineers to
lead and manage data security strategies ensuring implementation of robust ZeroTrust
principles.
JOB SUMMARY:
We are looking for a ZeroTrust Systems Engineer to support internal systems and networks
for operations. You will be designing, engineering and implementing complex data
protection strategies based on ZeroTrust principles that go beyond encryption, including
tokenization, data masking and other techniques to secure sensitive data across networks.
You will provide expert guidance on IAM principles and methods. You will design and
manage identity-centric access controls, defining granular permissions and enforcing least
privilege. You will implement and manage encryption methods for data at rest, in transit
and during processing.
REQUIRED SKILLS:
- Proficiency working in a Linux environment (CentOS, Debian, Rocky, Ubuntu, etc.)
- Proficiency configuring and maintaining Windows environments including Server 2016+
and Windows 10/11.
- A deep understanding of Active Directory, including configuring and editing AD domain
services.
- Manage and maintain Pluggable Authentication Module (PAM) software such as
CyberArk, Thycotic and Imprivata
- Experience with secrets management including Ansible Vault and/or Hashicorp Vault
- Configuring Linux servers for both local authentication with varying degrees of sudo
permissions as well as joining servers to the domain with least privilege.
- Manage and design MFA environments using Yubikeys, RSA fobs or similar.
- Experience maintaining network segmentation and redirection using iptables, nftables,
Illumio, Gardicore or similar.
- Familiarity with network scanning tools such as Nessus and the ability to understand and
remediate findings.
- Experience with VMware vSphere, KVM or other virtualization software
- Experience architecting, designing and implementing ZeroTrust security policies and
principles across multiple network segments with various software and hardware stacks.
- Experience implementing and maintaining security controls and analytic platforms
leveraging data centric insights to identify and detect anomalous behaviors, potential threats
and vulnerabilities.
- Expertise defining and enforcing data retention policies in compliance with ZeroTrust
- Knowledge of strong authentication methods such as MultiFactor Authentication (MFA),
biometric and smart card.
- Knowledge of encryption algorithms and key management in a ZeroTrust environment.
- The ability to create and manage TLS certificates.
- Experience with automation in Linux such as bash or python scripting
- Experience with automation in Windows including proficiency with PowerShell
DESIRED SKILLS:
- Prior experience in a cyber-security role such as network defense, penetration testing and
network forensics, or incident response.
- Experience with using cloud providers such as AWS, Azure, GCP, Digital Ocean or others.
- Experience monitoring network activity, to include performing network packet inspection,
traffic analysis, performance characterization (e.g., Wireshark, tcpdump, etc.).
- Understanding of Linux network security tools (e.g., Metasploit, Netcat, Nmap, iptables,
BurpSuite, IDS, SELinux, etc.).
- Experience performing analysis of log files from a variety of sources, to include individual
host logs, network traffic logs, firewall logs and IPS logs.
- Experience with orchestration frameworks such as Salt, Puppet or Ansible.
- Demonstrated knowledge of information security discipline via industry certification such
as: OSCP, CCSP, CISSP, SSCP, GIAC (Security Track).
- Experience conducting incident response to include: research and identification of attack
vector, malware mitigation and removal and documentation of the event.
- Motivated self-starter with an analytical focus, problem solving skills, time management
skills and a passion for computer, network, or cyber security.
- Actively seeks to enhance the group through knowledge sharing.
Job Type: Full-time
Pay: $200,000.00 - $275,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Referral program
- Retirement plan
- Tuition reimbursement
- Vision insurance
Compensation package:
Schedule:
- 8 hour shift
- Monday to Friday
Application Question(s):
- Do you have an active TS/SCI Security Clearance with a Full Scope Polygraph? Unfortunately, applicants without this clearance will not be considered.
Ability to Commute:
- Chantilly, VA 20151 (Required)
Work Location: In person