Information Systems Security Engineer (Multiple Levels)

About The Position

Requirements

• Bachelor’s (BA) degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university.
• TS/SCI with Polygraph.
• Level 1: Seven (7) years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity – or eleven (11) years’ experience with no BA.
• DoD 8140.03 compliance with IASAE Level 2.
• Level 2: Fourteen (14) years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity - or eighteen (18) years’ experience with no BA.
• DoD 8140.03 compliance with IASAE Level 2 and CISSP Certification.
• Level 3: Twenty (20) years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity - or twenty-four (24) years’ experience with no BA.
• DoD 8140.03 compliance with IASAE Level 3 is required.
• Information Systems Security Engineering Professional (ISSEP) and CISSP Certifications.
• A Master’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline may be substituted for two (2) years’ of experience.

Nice To Haves

• Experience manually reviewing network diagrams, network device configurations, termination points for VPNs.
• Working knowledge of software TLS security.
• Able to maintain a flexible and non-traditional RMF review of secure networks.
• Familiar with applying different standards and security frameworks including CIS benchmarks, FIPS 140-2, DISA Stigs, CNSA cryptographic suite compliance.
• Participated as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking, computing, and enclave environments.
• Supported the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.
• Applied knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
• Performed system or network designs that encompass multiple enclaves, including those with differing data protection/classification requirements.

Responsibilities

• Facilitate sub-projects through the Risk Management Framework (RMF) accreditation life cycle.
• Support periodic system security scans as required by policy and the RMF.
• Validate and verify system security requirement definitions.
• Analyze system security designs.
• Perform technical security assessments of computing environments to identify points of vulnerability.
• Recommend mitigation strategies for vulnerabilities that do not comply with established Information Assurance (IA) standards.

Benefits

• Comprehensive healthcare benefits.
• Wellness programs.
• Financial benefits.
• Retirement plans.
• Family support programs.
• Continuing education opportunities.
• Flexible time off benefits.