Information Security Systems Engineer

VTG•Chantilly, VA

About The Position

Information Systems Security Engineer for fast-paced DEVOPS, Cyber Security, and Engineering support environment. Candidate must have a familiarity with the Assessment and Authorization (A&A) process and the Risk Management Framework (RMF), ability to research, translate, and help communicate risk information to the project teams and sponsors. Partner with client stakeholders to provide input and best practice recommendations to inform decision making on security solutions. Implement and support client-based security mitigations and solutions. The position will partner with other ISSEs and project teams to maintain ATOs and practice continuous monitoring across systems to ensure strong security posture. Candidate must be able to analyze system configurations, scan results, and audit logs to meet sponsor compliance requirements and identify vulnerabilities and issues. The ideal candidate will have demonstrated experience supporting systems to policy compliance as well as ConMon requirements such as quarterly scanning, privileged user reporting, POAM management, and audit. The position requires a team player with good communication and documentation skills.

Requirements

Active TS/SCI with Polygraph required.
Bachelor’s degree in Geospatial Intelligence, Geography, Remote Sensing, Intelligence Studies, Engineering, or related field, or equivalent experience
Ability to Develop, maintain, and help submit Assessment & Authorization (A&A) packages in accordance with the ICD 503 Rev. 4 policy and Risk Management Framework (RMF)
Experience performing security engineering tasks and risk analysis on cloud-based systems
Ability to help provide proper guidance for the application of security controls across the full OSI model stack
Knowledge of gathering bodies of evidence (BOE) and artifacts for security packages
Perform system analysis, system audits, system monitoring, security control assessment/testing, risk management
Experience reviewing vulnerability and compliance reports utilizing OS, Web, and DB scanning tools
Experience with auditing and monitoring systems utilizing various tools, such as Splunk or similar metrics solutions
Ability to perform continuous security monitoring and develop strategies for remediation

Responsibilities

Support development, maintenance, and submission of Assessment & Authorization (A&A) packages in accordance with ICD 503 Rev. 4 and Risk Management Framework (RMF) requirements.
Gather, organize, and manage Bodies of Evidence (BOE) and security artifacts required for system authorization and audits.
Perform security engineering and risk analysis on cloud-based and on-premise systems to identify security gaps and recommend mitigation strategies.
Apply and validate security controls across all layers of the OSI model, ensuring technical, administrative, and physical controls are properly implemented.
Conduct system analysis, security control assessments, and security testing to verify compliance with RMF and organizational policies.
Review and analyze vulnerability and compliance reports generated from OS, web application, and database scanning tools.
Work with system owners, developers, and infrastructure teams to develop remediation plans and track vulnerability closure activities.
Perform continuous security monitoring by reviewing system logs, security dashboards, and SIEM outputs using tools such as Splunk or similar monitoring solutions.
Identify trends and recurring security issues and develop strategies to improve long-term security posture.
Participate in system audits, inspections, and security reviews, providing required documentation and technical explanations to assessors and auditors.
Maintain system security documentation, ensuring updates reflect current system configurations and security control implementations.
Provide guidance to technical teams on security control implementation, secure system design, and compliance requirements.