**This opportunity is contingent upon award**  

Company Summary 

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future.  

Position Overview 

As a Cloud-focused System Security Engineer, you will be responsible for ensuring the integrity, confidentiality, and availability of systems and data. This role entails bridging security assessment requirements and ensuring they are completed ahead of deployment to enable a seamless integration into the DoD’s CDAO ecosystem. Your expertise will be essential in identifying vulnerabilities, conducting risk assessments, and developing strategies to mitigate security risks. 

Work Location 

Washington, DC  

Job Responsibilities and/or Success Factors 

• Design, implement, and maintain security infrastructure components such as firewalls, intrusion detection/prevention systems, VPNs, and encryption protocols to protect the organization's systems and data. 
• Conduct regular vulnerability assessments and penetration testing to identify weaknesses in systems, applications, and network infrastructure. Develop and implement remediation plans to address identified vulnerabilities. 
• Develop and maintain incident response plans and procedures. Lead incident response activities during security breaches or incidents, including investigation, containment, and recovery. 
• Monitor security logs and alerts to identify potential security incidents or breaches. Analyze security event data to identify trends and potential security risks. 
• Develop and enforce security policies, standards, and procedures in accordance with industry best practices and regulatory requirements. Ensure compliance with relevant guidance such as NIST, SSDF, OWASP, etc. 
• Develop and deliver security awareness training programs to educate employees on security best practices and promote a culture of security awareness throughout the organization. 
• Maintain accurate and up-to-date documentation of security configurations, procedures, and incident response plans. 
• Support the design, test, and development of a secure modular open-source platform. 
• Support investigation of system security hardening with updated POA&M and update A&A documentation for AWS, Azure, and government required Cloud Environments  
• Support engineering, analysis, and implementation of CDAO cybersecurity acceptance criteria to run and deploy CDAO JATIC Platform, frameworks, packages, and toolkits from a government supported ecosystem.  
• Support security engineering and documentation of core CDAO Platform as a distributable and accredited package from PYPI, other Open-Source Security Frameworks, and government supported marketplaces.  
• Support Security Investigation and documentation for additional environments, as required. 
• Stay abreast of the latest security threats, vulnerabilities, and technologies. Evaluate new security technologies and products to assess their suitability for the organization's security needs. 

Education and Minimum Qualifications 

• Must be a US Citizen 
• TS/SCI clearance 
• Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred. 
• Professional certifications such as CISSP, CISM, CEH, CCSK, SANS GIAC are highly desirable. 
• Proven experience in designing, implementing, and maintaining security infrastructure components. 
• Strong knowledge of network security protocols, cryptography, and secure coding practices. 
• Experience in secure coding practices and development within a CI/CD DevSecOps environment. 
• Expansive knowledge with integrating Iaas, Paas, and SaaS offerings into government cloud environments. 
• Experience with security assessment tools such as Nessus, Metasploit, Nmap, Wireshark, etc.
• Experience with incident response procedures and tools.
• Familiarity with relevant regulations and compliance requirements.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.