Information Security Engineer

• Location: Jacksonville, Florida
• Type: Contract
• Job #1556

A Bachelor degree in Computer Science, Computer Information Systems, Information System
Technologies, Management Information Systems or a closely related field from an accredited college or
university.
Experience:
Minimum 3 years of verifiable professional experience in an Information Security Operations and/or
design role. Valid experience shall include Cyber Security, Cyber Defense, or closely related field.
Certifications:
Four certifications required. One from each focus: Cyber-Security focus, Information Security focus,
Public Cloud architecture focus, Networking focus.
1. GSEC, GIAC or CEH
2. Comptia Security+, or CISSP or Comptia CASP+
3. AWS or Azure (Professional architect Associate level certification)
4. Any entry networking certification (Network + or CCNA)
Principle job activities:

Knowledge of:
– Architecting IAM, SCIM, Idp, CASB, SSO, etc
– Information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, WebInspect, Nikto
or similar.
– Knowledge of information system architecture and security controls, such as firewalls and
border router configurations, operating systems configurations, wireless architectures,
databases, specialized appliances and information security policies and procedures, VPNs, etc.
– Technical knowledge of AWS or Azure or OCP (IAAS), deploying security constructs in public
cloud environments.
– Technical knowledge of SIEM, IDS/IPS, vulnerability assessment tools, remote access
methodologies, log management tools, firewalls, cryptography, and digital certificates.
– Surveillance, Access Control, and related Alarm Systems.
– Implement or improve methods and techniques of securing DR, on-prem to Cloud
communications, Cloud to cloud communications.
– Document cyber security issues and impact and identify potential threats.
– Knowledge of Industry Standards like ISO, NIST, PCI-DSS and others.
Skilled in:
– Performing manual techniques to exploit vulnerabilities in the OWASP top 10 including but not
limited to cross-site Scripting, SQL injections, session hi-jacking and buffer overflows to obtain
controlled access to target systems.

– Performing network traffic forensic analysis, utilizing packet capturing software, to isolate
malicious network behavior, inappropriate network use or identification of insecure network
protocols.
– Analyzing and testing attack and penetration of Internet infrastructure and Web-based
applications utilizing manual and automated tools.
– Preparing clear and concise reports and documentation.
– Application source code security review.
– Communicating clearly and concisely, both orally and in writing.