Information Systems Security Engineer (ISSE), Journeyman

CGI•Arlington, VA

17h•$100,000 - $150,000•Hybrid

About The Position

CGI Federal has an exciting opportunity for an ISSE within our Intel sector advancing the national security mission through cutting edge technology. You must have a passion for keeping pace with rapidly evolving technology advancements and leveraging your knowledge on a highly collaborative team to deliver state-of-the-art capabilities. The Information System Security Engineer (ISSE) designs, implements, and manages security solutions for information systems. Their responsibilities include ensuring systems meet security standards, conducting risk assessments, and recommending mitigation strategies. They collaborate with various teams to integrate security controls and maintain a secure operational environment. CGI Federal is growing its high-performance team whose members share a passion for building high-quality, scalable, advanced IT solutions in a collaborative, fast-paced, outcome-driven mission. This position is located in our USA VA Arlington, however, a hybrid working model is acceptable. Your future duties and responsibilities: Security Architecture Design: Developing and implementing security architectures for information systems, including hardware, software, and network components. Risk Management: Identifying and assessing security risks, developing mitigation strategies, and implementing security controls to address identified vulnerabilities. Security Compliance: Ensuring systems comply with relevant security policies, regulations, and standards, such as NIST, RMF, and ICD 503. Vulnerability Management: Conducting vulnerability scans, analyzing results, and recommending remediation actions. Security Documentation: Creating and maintaining security documentation, including system security plans, security assessment reports, and risk management plans. Collaboration and Communication: Working closely with system administrators, network engineers, software developers, and other stakeholders to integrate security into the system development lifecycle. Continuous Monitoring: Participating in continuous monitoring activities to ensure ongoing security posture and compliance. Incident Response: Participating in incident response activities, including investigating security incidents, analyzing malware, and implementing forensic analysis.

Requirements

Bachelor’s degree and/or 2 to 5 years of experience
Candidates must possess an active TS/SCI clearance with polygraph
Strong knowledge of security principles, technologies, and best practices.
Experience with the Risk Management Framework and its application to information systems.
Understanding of secure system design principles and experience developing secure architectures.
Knowledge of various security controls and their implementation.
Experience with vulnerability scanning tools and techniques.
Ability to create and maintain security documentation.
Excellent verbal and written communication skills to collaborate with diverse teams.
Strong analytical and problem-solving skills to address complex security challenges.

Nice To Haves

CISSP, CISM, CAP, or other security certifications

Responsibilities

Security Architecture Design: Developing and implementing security architectures for information systems, including hardware, software, and network components.
Risk Management: Identifying and assessing security risks, developing mitigation strategies, and implementing security controls to address identified vulnerabilities.
Security Compliance: Ensuring systems comply with relevant security policies, regulations, and standards, such as NIST, RMF, and ICD 503.
Vulnerability Management: Conducting vulnerability scans, analyzing results, and recommending remediation actions.
Security Documentation: Creating and maintaining security documentation, including system security plans, security assessment reports, and risk management plans.
Collaboration and Communication: Working closely with system administrators, network engineers, software developers, and other stakeholders to integrate security into the system development lifecycle.
Continuous Monitoring: Participating in continuous monitoring activities to ensure ongoing security posture and compliance.
Incident Response: Participating in incident response activities, including investigating security incidents, analyzing malware, and implementing forensic analysis.