Information System Security Engineer (ISSE)

Allied Consultants, Inc.•Austin, TX

1d•Hybrid

About The Position

Allied Consultants, Inc is a proudly Austin based firm with over 34 years of experience delivering top-tier technical and business professionals within Texas State Agencies. We are currently seeking an experience Information System Security Engineer (ISSE) to play a key role within a high-impact technical services team. At Allied Consultants, we value our consultants and are committed to providing an exceptional experience including: Highly competitive pay rates Local support staff for responsive, personal service Comprehensive benefits package, including: Medical insurance (with employer cost sharing) Life insurance A 401(K) plan with company match Flexible spending through a cafeteria plan Candidates selected for interviews will be subject to a criminal background check and may be required to pass a drug screening, in compliance with federal and state regulations. All offers of employment are contingent upon successful completion of these checks. Allied Consultants is a proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. The Security Engineer will project work by leading security governance, compliance, and risk management activities, with a strong focus on System Security & Privacy Plans (SSP/SSPP). This role bridges technical security operations and regulatory compliance, ensuring audit readiness, effective vulnerability remediation, and secure delivery of public-facing services across complex, multi-platform environments.

Requirements

12 Years deep focus on: Governance, Risk, and Compliance (GRC), Enterprise Security and Security Architecture, Vulnerability Management and Penetration Testing , Cloud Security and hybrid environments
10 Years Proven experience owning SSP development end to end
10 Years Hands on experience with CMS MARS E v2.2 or comparable federal/state security frameworks
10 Years Strong expertise in: Control implementation documentation, Audit evidence collection and validation, POA&M creation, tracking, and remediation management
8 Years Ability to translate technical security issues into compliance aligned remediation actions
8 Years Strong stakeholder management skills across security, infrastructure, and application teams
8 Years Excellent written and verbal communication skills, particularly for executive stakeholders
8 Years Knowledge of NIST 800 53, NIST RMF, and privacy controls
8 Years Knowledge of Secure SDLC and DevSecOps practices

Nice To Haves

5 Years Experience operating in multi-vendor, multi-platform environments
5 Years Demonstrated ability to reduce repeat audit findings and improve compliance maturity
5 Years Experience mentoring or guiding teams on security governance best practices
1 Years Experience supporting HHSC systems, including SSP development and compliance

Responsibilities

Lead end to end System Security & Privacy Plan (SSP/SSPP) development, maintenance, and updates for enterprise systems
Drive remediation activities through POA&M management, ensuring timely closure of compliance gaps
Translate penetration testing and vulnerability findings into actionable remediation work items (EPICs/user stories)
Coordinate with application, infrastructure, and security teams to validate remediation through re-testing and evidence
Oversee risk-based vulnerability management, including prioritization and SLA-driven remediation
Provide governance oversight for endpoint protection, web application security, and cloud security controls
Produce assessor ready documentation, including configurations, monitoring evidence, approvals, and incident traceability
Support continuous audit readiness and reduce repeat findings through disciplined governance and documentation practices