Who We Are
EmeSec is focused on improving a client’s effective use of technology to deliver agency mission/programs while mitigating cyber security vulnerabilities and risks.
Founded as an Information Assurance (IA) business, EmeSec included a variety of advisory and assistance consulting, technical support, project development, and general engineering services. EmeSec gained certifications as a means of improving performance, showcasing the strong business management of the company, and obtaining compliance with what some government agencies required in larger and larger RFPs. As the cloud infrastructure and the need for System Security Engineering across the technology spectrum of cloud, mobile, and legacy system migration continue to expand, EmeSec has positioned itself to provide cloud security expertise that combines agile engineering and development efforts with an eye to the cyber and privacy threats that systems will inevitably face during deployment.
Maria Horton, Founder and CEO
Ms. Maria Horton, a retired Navy Commander and the former Chief Information Officer (CIO) for Bethesda Naval Hospital, now known as Walter Reed, is the founder and creator of EmeSec Incorporated. Involved early as a tele-medicine researcher and a published digital imaging expert, Maria has actively contributed to the application of evolving cyber technologies since the late 90’s. She remains a leader within the industry today delivering industry foresight and solutions to commercial and government clients and speaking on a variety of subjects at conferences, radio programs and in magazine articles. She also counsels up-and-coming next generation cloud and cyber innovators. Looking to the future, Maria welcomes the opportunity and challenge to discuss making cloud security and engineering your market advantage.
Tim Lowman, Chief Operating Officer
Mr. Tim Lowman, a retired military intelligence professional with a background in Cloud Security Engineering, Cyber Security, and Defensive Cyber Operations, delivers an operation-of-excellence mentality to EmeSec customers. His direct guidance and involvement in managing and leading Cyber Security Operations and Army Subject Matter Experts is what he shares with EmeSec staff and customers. His practical knowledge has resulted, and continues to result, in immediate value and a clear path of action for our commercial go-to-market clientele and our cutting-edge government customers. Tim’s forward-thinking philosophy is spearheading a new division of technology and technology-led services within the company, focused on automated intelligence, in-context security practices, and greater capture of return on investment.
Come meet our team at EmeSec. They are talented, credentialed, hold clearances, and possess multi-dimensional interests that support today’s 360-degree world of cyber, sensors, social media, and data sharing. They can’t wait to work with you!
Careers at EmeSec
Want to work with us? We are always seeking qualified candidates to join our team. Please take a look at the available positions and get in touch with us if you are interested!
IT Information Security Analyst
EmeSec Incorporated; Adelphi, MD; Secret - Clearable to TS; IAT II - Security+ CE
Provide knowledge and understanding of FISMA, OMB, NIST and Agency requirements in providing IT Security and Privacy Compliance support. Provide FISMA Program Management Services, Security Certification and Accreditation (C&A) (now known as Assessment & Authorization, A&A), Continuous Monitoring, Security Policy and Procedure Development, Security Test and Evaluation (ST&E), Audits and Plan of Action and Milestones (POA&M) Management, Privacy, and Enterprise IT Security. Ideal candidate possesses hands-on FedRAMP experience. Provide IT security support so that systems can be approved by the Agency’s designated authorizing official(s). Apply knowledge of NIST SP 800-53 Rev 3 and Rev 4 and other germane NIST publications to the Authorization and Assessment process. Collaborate with the client in the review and assessment of the common controls, or the re-working of common controls in light of 800-53 Rev 4. Provide recommendations to the Agency’s policy and technical governance processes to facilitate compliance with applicable laws, regulations, etc. The candidate is expected to have a solid foundation of technical experience and expertise with tools such as Cyber Security Assessment and Management System (CSAM). The candidate is experienced in assessing the impact of proposed changes in policy, processes or tools on the ability of the agency to maintain their FISMA compliance position. The successful candidate must possess strong verbal and written communication skills.
Essential Job Functions
• Provide IT security and privacy program management support, principally centered around FISMA and Privacy Act standards and requirements.
• Review and understand the current security policies, processes and security environment.
• Provide Assessment and Authorization (A&A) support.
• Provide Continuous Monitoring support.
• Identify and address security weaknesses (monitor Plan of Action and Milestones (POA&M) and POA&M management).
• Provide security audit support.
• Provide Risk Assessment support.
• Provide Privacy Act compliance support.
• Provide e-Authentication support.
• Provide guidance on 800-53 Rev 3 and Rev 4 compliance requirements and recommendations on how to resolve.
• Ability to manage updates to Systems Security Plans and other related A&A package documentation or perform the review of the package to assure that it is in compliance with agency and federal laws and regulations including OMB, NIST, and FISMA compliance requirements.
• Guide or participate in meetings and customer working groups to address issues related to cyber security compliance, vulnerabilities, and emerging cyber security threats or the implementation of new cyber security mandates.
• Prepare reports and briefings as required and for approval by the Project Manager.
• Lead or serve as a member of a team potentially composed of a mix of people from the client organization and other supporting entities.
• Perform other functions associated with delivering an effective cyber security program to the client.
• 5+ years FISMA experience
• 3+ years of direct experience either developing A&A packages or reviewing them.
• Recent experience providing Continuous Monitoring support.
• Ability to apply NIST 800-53 Rev 3 and migration to Rev 4 compliance requirements to the client’s environment.
• Ability to be effective in a team environment (across entities and geographic locations), presenting issues, clearly explaining issues, and ability to come to an agreed upon resolution of the various concerns/needs of the client.
• Well-developed analytic, qualitative, and reasoning skills with demonstrated creative problem-solving abilities.
• Strong work ethic and motivation with a demonstrated history of ability to work in a dynamic, often high-speed team environment.
• Clear effective oral and written communications skills.
• Ability to operate and lead effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness to client matters and needs.
• Occasional local (within the state) travel, evening and weekend hours should be anticipated.
- Cyber Security Assessment and Management System (CSAM).
• Proficiency with Microsoft Office Applications.
• B.S. in Computer Information Systems, Engineering, Cyber Security, or related subjects
• Must have a minimum of 10 years direct experience or additional years’ experience in lieu of a degree and relevant certification(s).
• Must be able to acquire a Public Trust level of clearance.
Desired Certifications (one or more)
• Certified Information Management System Security Professional (CISSP)
• Certified Accreditation Professional (CAP)
• Certified Information Security Assessor (CISA)
• Project Management Professional (PMP)
Network Security Analyst
EmeSec Incorporated; Adelphi, MD; Secret - Clearable to TS; IAT II - Security+ CE
The analyst is responsible for monitoring client networks to detect suspicious and hostile activity that would jeopardize the integrity of information systems. Analysts are responsible for reviewing logs from various security tools and network traffic analyzers. Analysts must be able to compile information and prepare computer security incident reports based on intrusions, events, and incidents that are detected. Analysts will work closely with network engineers and system administrators to ensure mitigation of all activity detected. In addition, analysts must assist in the evaluation, research and development of computer and network security tools.
• Constant monitoring of intrusion detection systems.
• Creation of technically detailed reports based on intrusions and events.
• Provide assistance in computer incident investigations.
• Analyze and evaluate anomalous network and system activity.
• Assist in troubleshooting and problem solving a wide variety of client issues.
• Collaborate well with members of the IAM team on daily policy issues.
• Provide quality customer service with excellent communication skills.
• Recommend modifications to access control lists to prevent and mitigate intrusions.
• A total of seven years relevant IT experience: five years of relevant IA and/or security experience, and Associate Degree or equivalent in work experience.
• Work 12hr shifts on a rotating basis, working no more than 3 days in a row.
• An advanced understanding of current threats and trends present in the Information Security and Technology field.
• Advanced knowledge of network technologies and protocols.
• Understanding of network hardware devices and experience configuring Access Control Lists, or other firewall or router configuration experience.
• Ability to demonstrate strong knowledge of computer security concepts.
Highly Desirable skills:
• Initiative and a personal interest in Information Technology Security.
• People skills and the ability to communicate effectively with various clients with the ability to explain and elaborate on technical details.
• Have used network security analysis tools such as Snort, tcpdump, Wireshark, and other host- or network-based Intrusion Detection Systems.
• Experience with system vulnerability assessment.
• Familiarity with computer forensic tools such as FTK and EnCase, or other network forensic applications.
• Knowledge of Linux/UNIX and Windows OS security.
• Knowledge of computer programming languages and scripting languages. Previous scripting and coding experience is desired but not required.
• An understanding of DOD and Army information assurance policy and regulations.
Information Assurance Engineer
EmeSec Incorporated; Adelphi, MD; Active Secret Clearance
IA Engineer with the skills of a network administrator who is able to work and interface with multiple teams of administrators and technical personnel involving diverse networks at the enterprise and local level. Has the knowledge to create plans to assure effective management, operations and maintenance of systems and/or networks. Ability to review, understand and apply agency policies regarding computer access, firewalls, and network protection technologies, and to develop plans to implement them.
• College Degree: Bachelor’s Degree in Information Technology, Computer Science or similar technical discipline. Willing to accept 8 years applicable work experience in lieu of degree.
• Must have at least 2-3 years of recent experience with Federal IT security practices, including use of scanning tools.
• Core Working Hours: Business hours Monday-Friday. Work schedule may vary periodically due to scheduled scanning/analysis periods.
• The person MUST be able to work well with all types of people, and be able to handle contentious conversations without alienating others. Significant interpersonal interactions are a part of this position.
Recommended Qualifications: CISSP, CISM, CISA, CEH or similar certifications
Job Knowledge/Skill Requirements:
• Must understand Federal security practices.
• Must be able to describe purpose and intent of security controls in NIST Special Publication (SP) 800-53 and related SPs.
• Should have experience with reading and analyzing System Security Plans (SSPs), Risk Assessments (RAs), Configuration Management Plans, and similar security documents; experience writing them is even better.
• Must have the ability to look at a system or network diagram and identify potential security vulnerabilities.
• Must have experience reading and analyzing reports from common security scanning tools including Nmap, Nessus, AppScan, Retina, etc. Experience in setting up and performing scans with these tools is preferred.
• Must be able to read the output of common scanning tools and describe how to fix the security weaknesses listed.
• Must be able to look at configuration settings for Windows workstations and servers to identify security vulnerabilities; ability to also examine configuration of Cisco devices, Linux servers, or VMS servers is even better.
• Must be able to examine how a security control is implemented and verify whether it complies with NIST requirements.
• Must be able to correlate control descriptions in SSPs with results of scanning tools to identify inconsistencies and missing controls.
• Must be able to write an understandable and grammatically correct report on findings.
• Must be able to prepare spreadsheets that allow sorting, filtering, and graphing of findings.