Seneca Holdings, the business arm of the Seneca Nation, is the parent company of the Seneca Nation Group (SNG). The SNG portfolio of companies, our federal government contracting business unit, meet mission-critical needs of federal civilian, defense, and intelligence community customers across a variety of domains. To learn more visit our website here and follow us on LinkedIn.

The Seneca Holdings family of companies offer competitive compensation and a strong benefits package including comprehensive medical and dental care, matching 401K, paid time off, flexible spending accounts, disability coverage, and other benefits that help provide financial protection for you and your family. We pride ourselves on our collaborative work environment and culture which embraces our mission of providing financial and non-financial benefits back to the members of the Seneca Nation.

Seneca Holdings is seeking an Information Security Engineer who will use information security, compliance and risk assessment skills and experience to enhance our enterprise Information Security projects, operations, policy, and procedures for Seneca Holdings LLC. and its business subsidiaries. This position focuses on information security operations, conducts reoccurring risk analysis, preparation and execution of compliance, readiness, and documentation requirements while following industry and US Government standards while meeting compliance and security objectives. This role will also support engineering and the Helpdesk with onsite assistance to employees in a physical, professional office environment. This team member will support a hybrid schedule from our Chantilly, VA office.

The ideal individual for this role will need to demonstrate strong organizational and communication skills (written and verbal) and a passion for superior customer service. The Information Security and Compliance Engineer must be a team player yet work constructively and independently as directed. The person fulfilling this role is a consummate professional, detail oriented and self-motivated individual focused on goals and objectives throughout the year.

Summary of Location and Hours:

• Hybrid Position – on site in Williamsville NY and telework as directed.
• Monday – Friday approximately 8:00 am to 5:00 pm EST. Most services are provided during normal business hours. That said, Seneca Holdings and its subsidiaries supports employees and locations worldwide, in many time zones. Planned and unplanned work schedules to include nights and weekends may be necessary. Requirements for on-call support coverage and working hours are also possible.

Responsibilities include, however, are not limited to:

• Detect and respond appropriately to security threats and incidents.
• Interface with external vendors, suppliers, consultants, auditors as necessary.
• Participate in Disaster Recovery testing, planning and execution of the plans as needed.
• Communicate reported or discovered issue trends, major security events and Information Security incidents with appropriate management staff, as soon as identified.
• Develop and implement Information Security standard operating procedures for research and security and audit artifacts creation, collection organization, and presentation.
• Assist in the implementation of security, audit and compliance process improvements to increase efficiency.
• Develop, execute and track the performance of security measures to protect information and network infrastructure and computer systems.
• Design computer security strategy and engineer comprehensive cybersecurity architecture.
• Identify, define and document system security requirements and recommend solutions to management.
• Install software that monitors systems and networks for security breaches and intrusions.
• Monitor systems for irregular behavior and set up preventive measures.
• Serve as a primary technical compliance (contractual, standards e.g DFARS, NIST, ISO), regulatory (DOD) audit artifacts administrator, analyst, and advisor to IT and Information Security management.
• Co-Developing the System Security Plan, P&OAM and SPRS summary scores in alignment with US Government requirements.
• Evolve security program as the US Government evolves compliance requirements. (e.g. DFARS, CMMC).

• Assist with the implementation, troubleshooting and operation of enterprise security prevention, detection, and response capabilities and methodologies to support automation and process efficiencies.

• Assisting the planning, development, and implementation of the company’s information security strategy.
• Educate and train staff on information system security best practices.
• Assist the Helpdesk staff and employees as required.

Basic Requirements:

• Bachelor's degree in information security or related discipline; or equivalent experience.
• Technical degree from accredited school or professionally recognized technical training center.
• At least 3 years of experience that is directly related to the duties and responsibilities specified.
• At least 3 years of hands-on experience with administering Microsoft Commercial and Government Community Cloud (High) 365 in the cloud.
• At least 3 years of administration experience with Microsoft 365 security and compliance center.
• Three years of experience with administration of Microsoft Government Community Cloud environments.
• Strong written/verbal communication skills, critical thinking and problem-solving skills.

Desired qualifications: 

• Completion of the Microsoft Azure Security Certification (AZ-500)
• Microsoft Security, Compliance, and Identity Fundamentals Training (SC-900)
• CISSP
• NIST compliance assessor
• GIAC security expert
• Certified Information Systems Auditor

*** No US Federal Government clearance is required. ***