Cyber Security Systems Engineer (ISSE)

About The Position

Requirements

• Minimum of eleven (11) years' experience.
• Bachelor's or Master’s Degree preferred in one or more discipline, but can be waived if previous direct ISSE support to this customer’s agency.
• Possess multi-tasking skills, as well as be a good communicator/facilitator.
• Comfortable at all levels from developer to senior staff.
• Knowledge of complex network environments involving shared networks and multiple security enclaves.
• Ability to bridge the technical implementation (i.e. developer talk), into commonly understood security words.
• Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
• Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP)/CONOPS in the Greenlight application.
• Gather the information by working with various team members in order to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP’s), etc.
• Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA).
• Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as providing all required artifacts (i.e. evidence gathering from the teams).
• Coordinate with various contractors and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer’s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
• Keep track of where each of the various A&A projects are within the customer’s A&A process in order to know when it’s time to re-submit for accreditation or an accreditation extension.

Nice To Haves

• Previous ISSE experience directly supporting the customer.
• Previous ISSO experience directly supporting the customer is also helpful.
• Various security tools and reports such as Greenlight, RoadRunner, Rapid 7, WebInspect, App Detective, and Splunk.
• Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.).
• Virtualization experience (VDI & VMWare).
• Basic knowledge of Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security Development and Operations (SecDevOps).
• CISSP, or GSLC.
• AWS Certified Security Specialty.
• Basic Excel and Microsoft Office365.

Responsibilities

• Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts.
• Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP)/CONOPS in the Greenlight application.
• Gather information by working with various team members to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP’s), etc.
• Support Accreditation and Authorization (A&A) reviews by ISSO/M, as well as the Security Controls Assessor (SCA).
• Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as providing all required artifacts (i.e. evidence gathering from the teams).
• Coordinate with various contractors and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer’s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
• Keep track of where each of the various A&A projects are within the customer’s A&A process in order to know when it’s time to re-submit for accreditation or an accreditation extension.