Cybersecurity Engineer – Network Monitoring & OpenNMS
Location
San Antonio, TX, Onsite Government facility - Mon-Fri, 2-10PM, 2nd shift
Job Summary
We are seeking a Cybersecurity Engineer with strong OpenNMS experience to support enterprise-scale network visibility, threat detection, and infrastructure resilience. This role focuses on using OpenNMS (Horizon or Meridian) as a critical cybersecurity-enabling platform to detect anomalous behavior, support incident response, and enhance situational awareness across complex network environments.

The ideal candidate will have a strong foundation in network security, monitoring, and performance management, and will work closely with Security Operations (SOC), Network Operations (NOC), and Infrastructure teams to detect, analyze, and respond to security-relevant events.
---
Key Responsibilities
Cybersecurity & Monitoring
· Configure, maintain, and optimize OpenNMS to monitor network availability, performance, and security-relevant events
· Develop alerts and thresholds to identify suspicious network behavior, outages, and anomalies
· Correlate OpenNMS alerts with security incidents and infrastructure changes
· Support early detection of potential DDoS attacks, network abuse, misconfigurations, and service disruptions
· Perform root-cause analysis for network and security events
Incident Response & Threat Analysis
· Assist SOC and Incident Response teams with:
  o Network telemetry analysis
  o Timeline reconstruction using historical performance data
  o Identification of impacted systems and traffic paths
· Escalate high-risk events and provide actionable intelligence to security leadership
· Support post-incident reviews and mitigation planning
Integration & Automation
· Integrate OpenNMS with:
  o SIEM platforms (e.g., Splunk, Elastic, QRadar)
  o Ticketing systems (e.g., ServiceNow, Jira)
  o NetFlow/IPFIX collectors
· Develop scripts or APIs to automate alerting, reporting, or data sharing
Asset Visibility & Compliance
· Maintain accurate network asset discovery and inventory
· Identify unauthorized or misconfigured devices and services
· Support compliance audits by providing monitoring and availability evidence
· Contribute to continuous improvement of network security posture
Required Qualifications
· Bachelor's degree and 2 years of related experience, or Master's degree with less than 2 years of related experience. Additional experience, education and training may be considered in lieu of degree.
· Experience in Cybersecurity, Network Engineering, or Network Monitoring.
· DoD-8570 IAT Level 2 certification (Security+ CE) within 6 months of hire date.
· Hands-on experience administering OpenNMS (Horizon or Meridian)
· Strong understanding of:
  o TCP/IP, DNS, DHCP, VLANs, routing, and switching
  o SNMP, ICMP, NetFlow, WMI
· Experience with security concepts including:
  o Network-based attacks (DDoS, scanning, lateral movement)
  o Defense-in-depth architecture
· Familiarity with Linux systems administration
· Experience working with SOC/NOC or incident response teams
· US Citizenship and an active Secret clearance.
---
Preferred Qualifications
· Experience integrating OpenNMS with SIEM or SOAR platforms
· Knowledge of IDS/IPS, firewalls, and endpoint security tools
· Scripting experience (Python, Bash, Groovy, or similar)
· Understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls)
· Certifications such as:
  o Security+
  o Network+
  o CCNA / CCNP
  o OpenNMS or Linux certifications
---
Tools & Technologies
· OpenNMS Horizon / Meridian
· SNMP, NetFlow, IPFIX
· Linux (RHEL, Ubuntu, CentOS)
· SIEM platforms (Splunk, Elastic, QRadar)
· Ticketing systems (ServiceNow, Jira)
· Git, REST APIs, scripting tools
---
Soft Skills
· Strong analytical and troubleshooting skills
· Ability to communicate technical findings to security and leadership teams
· Collaborative mindset across SecOps, NetOps, and Infrastructure
· Attention to detail and proactive problem-solving
---
Why Join Us
· Work at the intersection of Cybersecurity and Network Intelligence
· Influence enterprise-wide detection and response capabilities
· Collaborate with high-impact security and infrastructure teams
· Opportunity to modernize and scale security monitoring platforms
---
Note: OpenNMS is an open-source network management platform for monitoring, alerting, and managing large-scale IT networks and services.
· Purpose: Fault, performance, and service monitoring across devices, servers, applications, and network services.
· Core functions: automated discovery, real-time data collection (SNMP, JMX, WMI, IP SLAs, HTTP, etc.), threshold-based alerting, event correlation, notifications, and reporting.
APRIVA IS AN AFFIRMATIVE ACTION/EQUAL OPPORTUNITY EMPLOYER