Information Systems Security Engineer

About The Position

Requirements

• Bachelor’s or Master’s degree in Computer Science, Information Systems, or related field
• 4-7 years of cybersecurity or closely related IT Security experience
• 2+ years direct experience performing ISSE, ISSO or equivalent security engineering functions in a federal environment
• Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts
• Working knowledge of the NIST RMF and experience supporting federal Assessments & Authorization processes
• Experience developing, maintaining, or contributing to SSPs
• Excellent verbal and written communication skills
• Must be eligible to obtain and maintain a NASA Public Trust position; ability to obtain higher-level suitability if required
• Must be a U.S. Citizen

Nice To Haves

• Prior experience within NASA cybersecurity systems and processes is a significant plus – including NASA’s A&A process, the RICS system, NASA-specific overlays, organization-defined values (ODV), and coordination with Center CISOs, CSRMs, and Authorizing Officials
• Active cybersecurity certifications: Network+, Security +, CISA, CISSP, CAP or similar
• Experience in SSP consolidation, boundary re-architecture, or authorization boundary optimization
• Experience supporting FISMA High
• Experience with modern networking and security technologies
• Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
• Ability to work well under minimal supervision
• Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT, and business personnel

Responsibilities

• Ensure the confidentiality, integrity and availability of unclassified information systems including FISMA Moderate and potentially FISMA High impact levels, as well as systems designated as High Value Assets (HVAs) under DHS Binding Operational Directive (BOD) 18-02
• Support NASA’s Assessment & Authorization (A&A) process in accordance with the NIST Risk Management Framework (RMF)
• Assist in consolidating over 30 existing System Security Plans (SSPs) into a rationalized, boundary-aligned SSP structure, while simultaneously developing new application-level and Operational Technology (OT) SSPs
• Conduct security assessments of OT systems, applications, testbeds, and software development environments; identify vulnerabilities and recommend mitigations
• Ensure regular vulnerability scanning using SAISO-required tools; coordinate flaw remediation, patch application, and residual risk documentation
• Apply technical knowledge of IT infrastructure, cloud (AWS/MCP), and/or software development to integrate cybersecurity requirements throughout the system development lifecycle
• Assist in event containment and remediation; support OCSO in detection, response, and recovery; report incidents timely; coordinate with NASA SOC with heightened coordination for HVA systems
• Collaborate with engineering and technical teams to provide tailored cybersecurity guidance meeting project objectives and NASA requirements
• Support the review and approval process for elevated privilege and NAMs requests
• Support data integrity protections and testing of information system security functions
• Promote cybersecurity awareness and best practices among engineering and technical staff
• Utilize RISC to maintain and update SSPs per A&A cycles, significant system changes, or continuous monitoring findings
• Assist in the preparation of ATO packages
• Assist in the creation, tracking and remediation of POA&Ms and RBDs
• Assist in developing information security requirements for solicitations and contracts
• Participate on the NASA Information System Change Board
• Support maintenance of auditing capabilities, audit record storage, and event analysis