Information Systems Security Engineer (ISSE) - MEKS

About The Position

Requirements

• Ability to develop and ensure secure testing practices for software releases.
• Experience with cloud environments, including securing them and deploying artifacts/images.
• Proficiency in building and securing CI/CD pipelines.
• Knowledge of established security protocols and cloud configurations.
• Understanding and application of industry best practices in software development.
• Experience with IATT/ATO procurement and RMF compliance.
• Skill in drafting IATT/ATO documentation for RMF compliance into Xacta.
• Ability to identify, evaluate, scope, and prioritize RMF compliance items and controls, and enter them into Xacta.
• Capability to coordinate with Cyber and technical teams for RMF process development and adherence.
• Expertise in supporting system security requirements, designing security architecture, and determining security tools.
• Experience with Continuous Monitoring (ConMon) and assessing security impacts through monitoring logs, source code, and inventories.
• Ability to perform full assessments of system's security posture.
• Proficiency in performing security testing and designing/recommending mitigations.
• Skill in developing security policies and procedures.
• Ability to provide technical expertise and guidance to junior team members.

Responsibilities

• Develop the necessary tests and security scans to support multiple MEKS software releases in a cloud environment.
• Build, secure, and deploy artifacts/images to deploy on the MEKS CI/CD pipeline.
• Secure the cloud environments by ensuring cloud configurations and settings are adhering to established security protocols.
• Ensure software development efforts are utilizing industry best practices.
• Develop, modify, or refine the necessary items for IATT/ATO procurement on all identified networks.
• Draft and deliver all IATT/ATO documentation necessary for RMF compliance into Xacta.
• Identify, evaluate, scope, and prioritize all necessary items and controls for RMF compliance and enter items into Xacta.
• Coordinate with the Cyber Team and technical team to develop an RMF process for control adherence.
• Support system security requirements, design security layout or architecture, and determine required security tools and existing tool functionality.
• Provide Continuous Monitoring (ConMon) to determine if the complete set of planned, required, and deployed security controls continue to be effective.
• Assess the security impacts by continuously monitoring logs, source code, inventories, and other items necessary for security compliance.
• Provides full assessment of system’s security posture.
• Performs security testing to verify cyber security integrity of the product.
• Designs and recommends mitigations.
• Develops security policies and procedures.
• May provide technical expertise and guidance to more junior team members.