Security Engineer

Join us at Sparksoft, where we're not just another tech company—we're a catalyst for change. Our mission isn't just to offer IT solutions; it's to revolutionize the way you work. Here, passion isn't just a buzzword; it's the fuel behind groundbreaking ideas and transformative technologies. We serve a wide range of government clients, delivering impact that's felt across the nation.

Our true strength lies in our people. They're the problem-solvers and innovators consistently delivering extraordinary outcomes. With Sparksoft, you're not stepping into a routine job; you're joining a team committed to innovation and excellence. Our innovation extends beyond just delivering projects. Through our specialized Innovation Centers, we continuously refine our methods, ensuring we remain industry leaders.

We are Sparksoft!

ROLE & RESPONSIBILITIES: 

• This position will be responsible for developing security reports, security recommendations, and security policies and procedures that are meaningful, defensible, and actionable for a variety of audiences as pertained to assigned business units.
• Monitor and analyze security events and alerts to identify potential threats and vulnerabilities.
• Provide support to end users with applications and systems managed by the organization, ensuring they can perform their assigned duties
• Write reports on security incidents, user access issues, and compliance with security policies. 
• Implement the concepts of least privilege and need-to-know to ensure that users have appropriate access to resources.
• Assist users requiring access to protected resources, including managing user accounts.
• Participate and be an integral component of audit, compliance, and regulatory functions, including and not limited to; audits of system security to ensure compliance with corporate security framework NIST 800-53, ISO 27001
•  Primary POC in a vulnerability management program of the account that includes:
  • External and internal vulnerability scans of applications and systems
  • External and internal penetration tests of applications and systems
  • Documentation and remediation of identified vulnerabilities and exploits
  • Routinely monitoring various communication avenues for security vulnerabilities and security patches

• Taking a risk-based approach comparing those security vulnerabilities and security patches across the operating environments.
• Making recommendations to various IT teams on the mitigation process for those identified security vulnerabilities.
• Conduct yearly IT Security training for the entire company.
• Stay informed about the latest security trends, threats, and best practices to continuously improve security measures.

REQUIRED EXPERIENCE: 

• Minimum of Five (5) Years of experience in IT Security
• Knowledge and understanding of security controls across all security domains, such as access management, encryption, vulnerability management, authentication, authorization, network security, physical security, etc.
• Ability to identify security risks in application, system, and network architecture, data flow, and processes or procedures.
• Ability to assess the organizational impact of identified security risks and recommend solutions or mitigating controls.
• Knowledge of security technologies, devices, and countermeasures, as well as the threats they are designed to counter.
• Experience with developing security reports, recommendations, policies, and procedures that are meaningful, defensible, and actionable for a variety of audiences.
• Familiarity with more than one framework (NIST 800-series, ISO 27000-series, ISO, HIPAA, HITRUST, FISMA, FedRAMP other common security control frameworks).
• Experience in SharePoint Workflows, and security is a plus
• Communication skills (interpersonal, verbal, presentation written, email).
• Experience to write report segments and to participate in presentations.
• Positive attitude, collaborator, self-starter; takes initiative, ability to work independently and effectively with all levels of staff and management both internally and externally.
• Candidates must be able to obtain and maintain a Public Trust clearance.
• Candidates must have lived in the United States 3 out of the past 5 years.

PREFERRED EXPERIENCE: 

• Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies.
• Ability to understand, develop, and socialize security policies, standards, and procedures.
• Proficiency with security controls for cloud environments (Azure and AWS) including FedRAMP requirements.
• Experience in risk management, compliance, audit, or third-party assessments.

EDUCATION & CERTIFICATIONS:

• Bachelor's Degree in System Engineering, Computer Science, Information Systems, or related discipline, from an accredited college or university is required. 
• 5 years of prior relevant experience. *5 years of additional SE experience may be substituted for a bachelor’s degree.
• CIPP, CRISC, CISA, CISSP, CISM, ISO or any security/IT audit certification.

If you need accommodation seeking employment with Sparksoft Corporation, please email Sparksoft.Accommodations@sparksoftcorp.com or call 410-424-7700. Accommodations are made on a case-by-case basis.

At Sparksoft Corporation, we take security and protection of personal information very seriously. We will never ask you to send private personal information over email. Accordingly, we ask you to immediately contact our security team via email at abuse@sparksoftcorp.com upon receiving a suspicious request.