Information Systems Security Engineer (ISSE)

About The Position

Requirements

• Security Clearance: Active Top Secret security clearance with the ability to obtain SAP and SCI access (U.S. citizenship required).
• Experience: 3-5 years of technical (hands-on) experience in Information Assurance/Cyber Engineering, including requirements development and implementation.
• Certification: DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months of hire.
• Familiarity: Knowledge of the DCSA Authorization and Assessment Process Manual (DAAPM) and the Joint Special Access Implementation Guide (JSIG).
• Technical Skills: Configuration, certification, and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks.
• Managing and implementing DISA STIGs and benchmarks in various operating systems (Windows, RHEL, Ubuntu).
• Using IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)).
• Maintaining/managing Security Incident and Event Management (SIEM) and centralized auditing tools (e.g., Splunk, PowerStrux).
• Familiarity with Microsoft Deployment Toolkit (MDT).
• Supporting the hardening of new builds of Information Systems (IS) and ensuring full functionality before deployment.
• Scripting in Windows and/or Linux.
• Using McAfee/Trellix ePO, including familiarity with DLP components.
• Experience with NIST SP800-53 technical control implementation and assessment.
• Excellent communication skills, detail-oriented, self-starter with a focus on understanding STR CCS and CIT processes and procedures.
• A desire for continuous improvement while working in a team environment and the ability to handle multiple fast-changing priorities/projects effectively.

Nice To Haves

• Experience in one or more of following technical areas Artificial Intelligence, DevSecOps, Cloud or Containerization.

Responsibilities

• Conduct both vulnerability and compliance scans of Information Systems.
• Support the development of Risk Management Framework (RMF) documentation and control validation testing for Authority to Operate (ATO) accreditations.
• Develop cybersecurity requirements, design, and architecture for current and emerging program needs.
• Implement Information Assurance and Information Security protections and requirements in program development and execution environments.
• Apply required security controls to networking devices, databases, operating systems, and hardware/software components.
• Assist ISSMs and ISSOs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional.
• Support the completion of Continuous Monitoring requirements in accordance with RMF and NIST SP800-53 standards.
• Perform other tasks as assigned by the manager.