Information System Security Engineer (ISSE), Level 3-Sr.

About The Position

Requirements

• Must possess and be able to maintain a TS/SCI clearance with polygraph
• BS degree with 10-12 years' experience, MS degree with 8-10 years' experience, PhD with 5-7 years' experience.
• 10 or more years of experience with Information Systems Security Engineers (ISSE) support
• One or more of the following certifications: CISSP-ISSEP, CISSP-ISSAP, CISM, CISSO, CISSP, CISSP-ISSMP, FITSP-M, GCIA, GCIA, GCSA, GICSP, GSEC, GSLC
• Knowledge of best practices when implementing security controls including: SW engineering methodologies, Security engineering methodologies, Security engineering principles, Secure coding techniques
• Coordinate activities with A&A stakeholders
• Knowledge of and experience with: ICD 503 and the Government’s certification and accreditation process
• Networks, computer components, protocols, and COTS technology
• System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers
• SW integration of COTS and GOTS products
• Virtualization platforms and technologies

Nice To Haves

• A STEM degree
• Education relevant to computer engineering, INFOSEC, information management, and/or computer science
• Experience in technical project management
• Technical experience in: Configuring and supporting, at a minimum, Windows, Linux, Unix, Mac OS
• Configuring and supporting, at a minimum, VMware, Xen, Hyper V
• SW engineering
• Program design and implementation
• Configuration management
• System maintenance
• Integration testing
• IS engineering

Responsibilities

• Provide lifecycle cybersecurity and ISSE support aligned with NIST, RMF, IC, and DoD security policies for terrestrial and space systems.
• Assist in developing, implementing, and administering security programs for Government approval.
• Document and maintain unique ISSE processes that aren't included in standard NIST publications.
• Apply engineering best practices and principles as outlined in NIST SP 800-160.
• Assess risks, mitigation measures, residual risks, and recommend Government actions.
• Identify, track, and guide the remediation of system vulnerabilities and technical corrections, including updating security configurations for hardware, systems, and software.
• Recommend standard risk management principles and mitigation measures to address system vulnerabilities, threats, and risks.
• Oversee and guide the development and integration of IA system architecture for IT and ICS/SCADA systems.
• Recommend cost-effective, efficient security architectures and network security solutions to ensure confidentiality, integrity, and availability.
• Integrate Cross Domain Solutions and collaborate to ensure compliance with agency processes.
• Develop cybersecurity documentation in support of RMF and ATO processes.
• Participate in working groups, forums, and reviews to provide IA engineering expertise.
• Deliver documentation for meetings, including decisions, action items, and technical evaluations.
• Collaborate with SMEs, program leads, and stakeholders to align security measures with operational and acquisition requirements.
• Engage in cross-functional teams for engineering, ISSE forums, and Integrated Product Teams (IPTs).
• Guide on the use of common IA controls and ensure effective InfoSec controls are rigorously applied.
• Research and recommend countermeasures for emerging threats and vulnerabilities in terrestrial and space systems.
• Analyze IA/IS environments to assess effectiveness, identify vulnerabilities, and report with technical evaluations.
• Promote systems resilience to environmental, mechanical, electronic, or hostile disruption.