Information System Security Engineer (ISSE)

Canvas Inc.•Eglin AFB, FL

About The Position

Canvas provides engineering services and technical solutions for customers in federal and commercial markets. We are recognized by our customers and industry partners for our ethical standards, world-class technical expertise, and dedication to accomplish the mission in a responsive, efficient, and affordable manner. This position supports the 96TW at Eglin AFB, FL. Secure System Design & Implementation. Conduct information system security engineering activities, translating security requirements into technical specifications and architectural designs. Integrate security controls into system architectures, ensuring security is embedded rather than bolted on as an afterthought. New and Existing Site Security. Collaborate with project teams during the initial design and construction of new sites to ensure physical cybersecurity considerations are integrated from the ground up, including access controls, surveillance systems, and environmental safeguards. In addition, the ISSE will perform comprehensive analyses of current site security, encompassing both physical (e.g., perimeter security, access control) and logical (e.g., network segmentation, intrusion detection) aspects. The ISSE will then generate detailed reports outlining identified vulnerabilities and propose practical, cost-effective solutions to improve the overall security posture, addressing both immediate risks and long-term security needs. New System Integration. New System Integration: Evaluate proposed new systems and applications (including RF systems, SATCOMs, and range instrumentation) for security vulnerabilities and risks. The ISSE will be responsible for defining the comprehensive set of cybersecurity requirements that must be incorporated into these systems from the earliest stages of development and implementation. The ISSE provides guidance to the implementation teams, ensuring that cybersecurity principles are correctly applied. While the ISSE may not directly implement the security controls, they possess the technical expertise to verify the effectiveness and proper functioning of those controls, ensuring adherence to established standards and regulations. As part of the verification process, the ISSE will be responsible for developing cybersecurity requirement verification and validation test plans, executing those plans, and reporting results to stakeholders. These test plans will ensure that all implemented security features are functioning as intended and meeting defined performance criteria. Modernization & Upgrade Security. Conduct security assessments of existing systems and infrastructure undergoing modernization or upgrade. Develop and implement security plans to address identified vulnerabilities and ensure the ongoing security posture of the systems. Security Architecture Development. Develop and maintain security architecture documentation, including security policies, standards, and procedures, to guide the implementation of secure systems and infrastructure. Secure Coding Practices & Cryptography. Provide expertise and guidance on secure coding practices, cryptography implementation, and security testing methodologies to development teams. Security Impact Assessment. Provide advice on the security impacts of proposed changes to systems, networks, and infrastructure. Participate in development activities to implement system modifications securely. Continuous Monitoring. Offer guidance on continuous monitoring approaches and tools, helping establish effective security measurement frameworks. Conduct comprehensive research to identify the most effective and appropriate security monitoring solutions for detecting and responding to security incidents. Provide expert advice on the selection, configuration, and integration of these tools into the organization's existing infrastructure, focusing on optimizing their performance and minimizing implementation risks. Vulnerability Remediation. Develop technical solutions to address identified vulnerabilities and support security control implementation efforts. Technology Evaluation. Evaluate new technologies for security implications and provide recommendations on adoption strategies that maintain security posture. Compliance. Ensure all security-related activities comply with applicable government regulations, policies, and standards (e.g., NIST, DoD, CNSS, JSIG). Documentation. Create and maintain comprehensive documentation related to security engineering activities, including system security plans, security assessment reports, and configuration management documentation. Collaboration. Work collaboratively with other IT professionals, security specialists, and stakeholders to ensure the effective implementation and maintenance of security controls.

Requirements

Education: Master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
Experience: Minimum of 10 years of experience as an Information System Security Engineer or in a similar role.
DoD/Air Force Cybersecurity Policies: Deep understanding of DoD and Air Force cybersecurity policies, regulations, and standards including special access programs (SAP).
Must possess one of the following certifications and must be current/maintained: Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Ethical Hacker (CEH)
Security Clearance: Must be able to obtain and maintain a Top Secret security clearance.
Other Essential Job Functions: Deep understanding of information security principles, mechanisms, and best practices.
Extensive knowledge of security frameworks and standards (e.g., NIST 800-53, NIST Risk Management Framework (RMF), CNSS, JSIG).
Extensive experience with security assessment tools and techniques (e.g., vulnerability scanners, penetration testing).
Proficiency in designing and implementing security controls for various operating systems (Windows, Linux), networks, and applications.
Strong understanding of network security concepts (e.g., firewalls, intrusion detection/prevention systems, VPNs).
Experience with cryptography, including encryption algorithms, key management, and digital signatures.
Extensive experience with cloud security principles and practices (e.g., AWS, Azure, Google Cloud).
Experience with security incident response and handling.
Experience with security information and event management (SIEM) systems.
Experience analyzing security logs and identifying potential security threats.
Strong communication and interpersonal skills, with the ability to effectively communicate technical information to both technical and non-technical audiences.
Ability to work independently and as part of a team.

Nice To Haves

Military Range Experience: Strongly Preferred: Experience working on a military range, with a demonstrated understanding of the unique cybersecurity challenges associated with such environments.

Responsibilities

Secure System Design & Implementation
New and Existing Site Security
New System Integration
Modernization & Upgrade Security
Security Architecture Development
Secure Coding Practices & Cryptography
Security Impact Assessment
Continuous Monitoring
Vulnerability Remediation
Technology Evaluation
Compliance
Documentation
Collaboration

Benefits

Competitive Wages
Medical, Rx, Dental & Vision Insurance
Generous company-funded Basic Life Insurance
Company-funded Short-Term & Long-Term Disability
11 Paid Federal Holidays
Generous Paid Time Off (PTO)
Dependent Care and Medical Flexible Spending Accounts
401(k) retirement plan with company match and 100% immediate vesting
Tuition Reimbursement for ongoing training, continuing education, or advanced degree programs
Robust Employee Assistance Program
Employee Referral Bonus Program
Corporate Sponsored Events & Community Outreach
Spot Awards for Exemplary Individual Performance
Discretionary performance-based bonuses