Information Systems Security Engineer (ISSE)

NTT DATA•Washington, DC

About The Position

The Information Systems Security Engineer (ISSE) is responsible for designing, developing, and implementing secure information systems in compliance with organizational policies, client requirements, and federal cybersecurity standards. The ISSE integrates security into every phase of the system development lifecycle (SDLC), ensuring confidentiality, integrity, and availability are preserved throughout system design, deployment, and sustainment. As a key member of the Cybersecurity Operations Team, the ISSE works closely with system owners, architects, engineers, developers, and assessors to translate security requirements into technical solutions, mitigate risks, and implement effective security controls. The ISSE provides subject matter expertise in system security architecture, secure integration, regulatory frameworks (RMF, NIST CSF, FedRAMP, DoD), and the configuration of security technologies.

Requirements

Master's degree in information technology, cybersecurity, data science, information systems, or computer science, from an ABET accredited or CAE designated institution.
Education Equivalency: One-and-one- half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
Minimum 10 years of experience in Information Technology (IT) / Information Security (IS).
At least one (1) DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding.
Active Top Secret security clearance

Responsibilities

The ISSE is responsible for developing and integrating security engineering solutions throughout the SDLC.
Ensure security is incorporated into requirements, design, implementation, testing, and maintenance.
Apply secure design principles such as defense-in-depth and least privilege.
Collaborate with architects to align system security architecture with mission needs.
The ISSE identifies and translates cybersecurity requirements into technical specifications.
Interpret security requirements from NIST SP 800-53, CNSSI 1253, and related standards.
Convert organizational policies and federal regulations into actionable technical requirements.
Balances security requirements with operational and mission objectives.
The ISSE conducts system-level risk assessments and supports vulnerability management.
Perform risk analyses, threat modeling, and vulnerability assessments.
Recommend and document mitigation strategies for identified risks.
Contribute to continuous monitoring activities by reviewing system risk posture.
Conducts static and Dynamic code review when necessary
Analysis of scripts as necessary
The ISSE develops and maintains security documentation to support authorization activities.
Draft and update SSPPs, Risk Assessment Reports (RARs), SARs, and related artifacts.
Support preparation of documentation for ATOs or equivalent authorizations.
Ensure documentation reflects current system architecture and controls.
The ISSE collaborates with stakeholders to guide secure design and system authorization.
Coordinate with ISSOs, ISOs, developers, and assessors throughout security testing and evaluation.
Provide security engineering input to development and integration teams.
Support compliance with RMF and authorization processes to maintain ATO status.
The ISSE implements and supports cybersecurity tools and technologies.
Assist with the configuration and management of tools such as SIEMs, endpoint protection, firewalls, and vulnerability scanners.
Analyze security tool outputs to identify anomalies and potential threats.
Recommend improvements in tool integration and effectiveness.
The ISSE provides technical expertise during incident response activities.
Support investigations by analyzing system architecture and configurations.
Assist in implementing corrective actions to address vulnerabilities and prevent recurrence.