Information System Security Engineer

About The Position

Requirements

• Typically requires bachelor's degree or equivalent and 5 plus years of directly related experience
• Minimum of 5 years ISSE /System Engineering experience, or directly related.
• Experience with implementing NIST 800-53 controls/ICD 503
• Knowledge of the NRO environment and the Xacta 360 tool to navigate projects through the RMF process to achieve IATT & ATO
• Experience participating in Assessment and Authorization (A&A) process
• Experience preparing systems security documentation (e.g., security plans, risk assessment reports, Plan of Actions and Milestones (POA&Ms), etc.)
• Experience with Continuous Monitoring, mitigating scan findings, maintaining network cut sheets/PPS sheets
• Experience with system integration and hardening in the NRO cloud environment
• Experience working with engineers and system administrators to correct scan findings / system vulnerabilities
• Must have a current and active TS/SCI with CI Polygraph to begin employment
• Must have current Security+ Certification or another DoD 8570 Complaint IA Certification, or ability to obtain immediately upon hiring
• Vulnerability assessment scanning experience (Security Center/NESSUS)

Nice To Haves

• Information Systems Security Officer (ISSO) knowledge and/or experience
• Experience with developing test plans for information systems
• Demonstrated experience with Linux (Red Hat)
• Experience with DevSecOps
• Familiarity with code quality and code analyzing security tools
• Experience with Amazon Web Services (AWS): Should have current or ability to obtain an Amazon Cloud certification, such as AWS Certified Solutions Architect – Associate or AWS Certified Security Specialty
• Audit log review: ability to query and perform analysis in Netwitness, Splunk, etc

Responsibilities

• Navigating projects through the RMF process to achieve IATT and ATO
• Writing NIST 800-53 responses to security controls, including inherited, shared, or systems level controls
• Providing technical guidance regarding the system’s Assessment and Authorization (A&A) process
• Participating in security testing and assessments
• Prepare, Present, and Maintain all security related documentation for system including, but not limited to, system security plan, body of evidence, Plan of Action and Milestones (POAM), and Certification and Accreditation (C&A) documentation leveraging online record keeping systems
• Identifying missing, inaccurate, or duplicate data
• Establishing and maintaining strong relationships with the organization’s Information Systems Security Managers (ISSM) and seeking guidance for approval, as needed
• Working with the team to mitigate the risk elements (POAMs) identified during assessment and seeking validation from enterprise security depending on level of risk element
• Facilitating and attending Technical Exchange Meetings (TEMs) with engineers and other partners to gather requirements for project registration and control implementation
• Supporting weekly and ad hoc reporting requirements
• Preparing and presenting briefing material

Benefits

• flexible time off
• robust learning resources
• comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits