Description
Description
SAIC currently has an opening for a Security Engineer to support the Department of State (DoS) Bureau of Diplomatic Technology. DT provides enterprise architecture design, engineering, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department.
The Security Engineer shall develop next-generation security solutions to secure the organization's communication fabric. This role engineers the next generation security layers that protect data moving across internal networks, cloud environments, and remote access tunnels. They are the strategic lead in ensuring that every network handshake—whether via TLS, IPsec, or SSH—is backed by a robust and resilient cybersecurity infrastructure.
Description of Duties
- Secure Connection Management: Oversee the security of network tunnels and data-in-transit protocols. This includes managing the certificates and configurations for VPNs, secure gateways, and encrypted communication channels that link internal networks to external service providers.
- Lifecycle Automation: Develop and implement automated workflows for the lifecycle of security credentials. This reduces manual intervention, minimizes human error, and ensures timely rotation to meet security standards.
- Identity & Access Integration: Align access with the organization's identity management framework. Ensure that only authorized systems and personnel can access sensitive keys and that all access is logged and audited according to the principle of least privilege.
- Security Compliance & Auditing: Monitor and report on the status of encryption and network security controls. Conduct regular reviews to ensure that all hybrid and cloud-based configurations meet organizational security policies and industry regulatory requirements.
- Vulnerability & Risk Mitigation: Identify and remediate security gaps in the hybrid network infrastructure. This involves assessing the risks associated with data movement between environments and implementing hardening measures to protect against unauthorized access or data leakage.
- Incident Response Support: Provide subject matter expertise during security incidents involving encryption failures or unauthorized network access. Assist in the rapid revocation and replacement of compromised credentials to restore secure operations.
Qualifications
Required Education & Experience:
- Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience ; may accept additional experience in lieu of degree.
- Technical Expertise: Deep knowledge of symmetric and asymmetric encryption (e.g., AES, RSA, ECC) and Public Key Infrastructure (PKI) and Post Quantum Encryption.
- Proven experience managing security in a multi-environment IT infrastructure (e.g., mixing local servers with cloud services).
- Understanding of core network transport security concepts (symmetric vs. asymmetric encryption, hashing, and digital signatures) and network security protocols (TLS/SSL, IPsec, SSH).
- Ability to troubleshoot complex connectivity and encryption issues across different technical platforms.
- Skill in documenting technical procedures and explaining security risks to both technical teams and management.
- Familiarity with handling classified or confidential materials.
Required Clearance:
- US Citizenship.
- TOP SECRET/SCI (Active).
Desired Experience/Skills/Attributes:
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), Foreign Affairs Manuals (FAMs) preferred.
- Interpersonal skills including the ability to collaborate effectively, self-awareness, and excellent written and oral communications.
- Previous COMSEC experience
Apply on company website
Find Connections via Linkedin
