Information System Security Engineer

About The Position

Requirements

• An Active TS/SCI with a Counter Intelligence Poly (highly preferred from this client)
• Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Information Systems, Computer Engineering, or a related technical field.
• Minimum of three (3) years of experience supporting Information System Security Engineering (ISSE), cybersecurity engineering, information assurance, risk management, or related cybersecurity disciplines.
• Current Information Assurance Management (IAM) Level II or equivalent qualifying certification in accordance with contract requirements.
• Experience supporting cybersecurity activities throughout the system development lifecycle.
• Knowledge of Risk Management Framework (RMF), NIST cybersecurity guidance, and Assessment & Authorization (A&A) processes.
• Knowledge of cybersecurity principles, information assurance concepts, systems security engineering methodologies, and secure system design practices.
• Experience evaluating security requirements, implementing security controls, and supporting cybersecurity compliance efforts.

Nice To Haves

• Knowledge of ICD 503 and Intelligence Community authorization processes.
• Experience supporting NRO, Intelligence Community, Department of Defense, or National Security systems.
• Experience developing RMF authorization packages and supporting Authority to Operate (ATO) efforts.
• Experience supporting cloud security, virtualization technologies, or enterprise infrastructure environments.
• Experience supporting Windows, Linux, Unix, and macOS operating environments.
• Experience integrating Commercial Off-The-Shelf (COTS) and Government Off-The-Shelf (GOTS) technologies.
• Experience supporting Cross Domain Solutions (CDS), ICS/SCADA systems, or space system cybersecurity activities.

Responsibilities

• Perform Information System Security Engineering (ISSE) activities throughout the system development lifecycle in accordance with NIST SP 800-160, NRO RMF requirements, and applicable cybersecurity directives.
• Capture, refine, and document information protection requirements and ensure their integration into system acquisitions, engineering activities, and development efforts.
• Integrate security functional requirements into acquisition lifecycle phases, program milestones, engineering documentation, and system development processes.
• Assess cybersecurity risks, identify mitigation strategies, evaluate residual risk, and provide risk-based recommendations to stakeholders.
• Support Risk Management Framework (RMF) activities, including system categorization, control implementation, assessment support, authorization support, and continuous monitoring activities.
• Develop and maintain cybersecurity documentation supporting RMF and Assessment & Authorization (A&A) activities, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), risk assessments, and related artifacts.
• Evaluate proposed system changes, technology integrations, and engineering solutions to determine cybersecurity impacts and recommend appropriate security requirements.
• Support the design, development, implementation, integration, and sustainment of secure information systems and information assurance architectures.
• Analyze system and network architectures to identify security requirements and recommend protections that support confidentiality, integrity, availability, authentication, and non-repudiation.
• Recommend security architectures and engineering solutions that align with mission objectives, performance requirements, and cybersecurity best practices.
• Conduct technical assessments to identify vulnerabilities, threats, and risks affecting enterprise, cloud, network, and mission systems.
• Support vulnerability management activities, including vulnerability analysis, remediation planning, risk evaluation, and implementation of corrective actions.
• Assess and recommend security controls, common controls, and compensating controls to address identified security requirements and risks.
• Support the integration and implementation of Cross Domain Solutions (CDS) and coordinate with relevant stakeholders to ensure compliance with organizational processes and authorization requirements.
• Apply Information Assurance (IA) and cybersecurity principles in support of enterprise IT systems, communications systems, cloud environments, and mission networks.
• Support configuration management activities to maintain the security posture of hardware, software, operating systems, applications, and infrastructure components.
• Participate in system testing, integration testing, security validation activities, and engineering reviews to verify security requirements have been properly implemented.
• Collaborate with system engineers, program managers, security control assessors, authorizing officials, and other stakeholders to support system authorization and cybersecurity objectives.
• Research emerging cybersecurity threats, vulnerabilities, technologies, and countermeasures and provide recommendations to improve system security and resiliency.
• Participate in Integrated Product Teams (IPTs), engineering working groups, cybersecurity reviews, and technical forums to support mission and program objectives.
• Support resilient system design and cybersecurity best practices that enable systems to operate through disruption, degradation, or hostile activity.

Benefits

• Medical
• Dental
• Vision
• Life Insurance
• Short-Term Disability
• Long-Term Disability
• 401(k) match
• Flexible Spending Accounts
• EAP
• Training and Tuition Assistance
• Paid Time Off
• Holidays