Information System Security Engineer (ISSE) II

About The Position

Requirements

• Active and transferable U.S. government issued Secret security clearance is required prior to start date.
• U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.
• Typically requires a BS degree in Science, Technology, Engineering or Mathematics(STEM) and a minimum of 2 years of prior relevant experience unless prohibited by local laws/regulations.
• Required DoD 8570.01 IAT Level 2 (requires one or more of the following Professional Certifications: CNA Security, GICSP, GSEC, Security+ CE, SSCP)

Responsibilities

• Oversee the development and maintenance of a system's cybersecurity solutions.
• Participate in the system engineering process to ensure that cybersecurity requirements, design, and testing are properly addressed throughout the system lifecycle.
• Engage with the Network Engineer, Systems Engineer, and Integrated Product Team (IPT) lead to confirm the compatibility of cybersecurity architecture and design with the overall system design and integration.
• Identify where their system resides within the overall Navy security architecture (e.g., network, ship, site).
• Coordinate with all primary connecting systems to determine what protections can be inherited.
• Apply system security and privacy engineering principles and practices to securely develop and integrate system components into information systems.
• Lead the security control implementation and testing efforts.
• Identify and tailor the security control baseline with applicable overlays.
• Consider control inheritance and inheritance models when assigning controls during the security control selection process.
• Conduct all preliminary technical testing, including Security Technical Implementation Guides (STIGs), Security Requirement Guides (SRGs), and Assured Compliance Assessment Solution (ACAS)/Nessus scans.
• Document detailed results of each Assessment Procedure (AP) within eMASS in the 'Test Results' section for each AP.
• Implement approved security controls (often in coordination with the ISSM).
• Remediate findings and/or implement mitigating controls as possible.
• Update the Plan of Actions & Milestones (POA&M) with non-compliant security controls as required.
• Perform vulnerability-level risk assessments on the POA&M/CAP.
• Conduct an initial complete risk assessment and document results in the POA&M.
• For identified deficiencies, determine the theoretical attack path for potential exploitation.
• Work with the Program Manager/Information System Owner (PM/ISO) to develop the Risk Assessment, incorporating vulnerabilities from the formal assessment.
• Assist with the development, maintenance, and tracking of the Security Plan (SP).
• For assessment efforts that do not require a Navy Qualified Validator (NQV), the ISSE (as part of program personnel) is responsible for developing a comprehensive SAP and submitting it for Security Control Assessor (SCA) review and approval.
• Ensure the execution of any security testing required as part of Assessment & Authorization (A&A) or annual reviews.
• Execute the SAP and assess applicable security controls (Validator participation is encouraged but not required).
• Ensure data entered in the eMASS record and POA&M is consistent with implementation results.
• Document and provide all requested rework to the Package Submitting Officer (PSO)/Program Management Office (PMO) for review.
• Oversee cybersecurity testing to assess security controls and record their compliance status during the continuous monitoring phase of the lifecycle.
• Support the Information System Security Manager (ISSM) in implementing the System Level Continuous Monitoring (SLCM) Strategy, tracking compliance of associated security controls, and communicating security findings.
• Update the Security POA&M as necessary during the monitoring step.
• Identify Authorizing Official (AO) and SCA cognizance of the system, as well as any specific authorization requirements such as reciprocity, cross domain solutions, and applicable overlays to support System Categorization.
• Utilize the Collaboration Board in the eMASS workflow for formal coordination during the RMF process, posting detailed findings in the Artifacts tab if necessary.

Benefits

• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• 401(k) match
• flexible spending accounts
• flexible work schedules
• employee assistance program
• Employee Scholar Program
• parental leave
• paid time off
• holidays