Job DescriptionSAIC currently has an opening for a Communications Security Engineer to support the Department of State (DoS) Bureau of Diplomatic Technology. DT provides enterprise architecture design, engineering, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department.
The Security Engineer shall develop next-generation security solutions to secure the organization's communication fabric. This role engineers the next generation security layers that protect data moving across internal networks, cloud environments, and remote access tunnels. They are the strategic lead in ensuring that every network handshake-whether via TLS, IPsec, or SSH-is backed by a robust and resilient cybersecurity infrastructure.
Description of Duties:- Secure Connection Management: Oversee the security of network tunnels and data-in-transit protocols. This includes managing the certificates and configurations for VPNs, secure gateways, and encrypted communication channels that link internal networks to external service providers.
- Lifecycle Automation: Develop and implement automated workflows for the lifecycle of security credentials. This reduces manual intervention, minimizes human error, and ensures timely rotation to meet security standards.
- Identity & Access Integration: Align access with the organization's identity management framework. Ensure that only authorized systems and personnel can access sensitive keys and that all access is logged and audited according to the principle of least privilege.
- Security Compliance & Auditing: Monitor and report on the status of encryption and network security controls. Conduct regular reviews to ensure that all hybrid and cloud-based configurations meet organizational security policies and industry regulatory requirements.
- Vulnerability & Risk Mitigation: Identify and remediate security gaps in the hybrid network infrastructure. This involves assessing the risks associated with data movement between environments and implementing hardening measures to protect against unauthorized access or data leakage.
- Incident Response Support: Provide subject matter expertise during security incidents involving encryption failures or unauthorized network access. Assist in the rapid revocation and replacement of compromised credentials to restore secure operations.
Qualifications- Bachelors and 1 year or more of professional experience;
- Knowledge with some or all of the following:
- KMI - Key Management Infrastructure.
- iApp.
- EKMS- Electronic Key Management System.
- Key Material.
- OTNK - Over the Network Key.
- CARDS (COMSEC Accounting, Reporting, and Distribution System).
- Technical Expertise: Deep knowledge of symmetric and asymmetric encryption (e.g., AES, RSA, ECC) and Public Key Infrastructure (PKI) and Post Quantum Encryption.
- Understanding of core network transport security concepts (symmetric vs. asymmetric encryption, hashing, and digital signatures) and network security protocols (TLS/SSL, IPsec, SSH).
- Ability to troubleshoot complex connectivity and encryption issues across different technical platforms.
- Skill in documenting technical procedures and explaining security risks to both technical teams and management.
- Familiarity with handling classified or confidential materials.
Required Clearance:- US Citizenship.
- Ability to obtain a top secret/SCI clearance.
