Information Systems Security Engineers (ISSE), Level 2-Mid

About The Position

Requirements

• Must possess and be able to maintain a TS/SCI clearance with polygraph
• BS degree with 8-10 years' experience, MS degree with 6-8 years' experience, PhD with 3-5 years' experience.
• 10 or more years of Information Systems Security Engineers (ISSE) Support experience
• One or more of the following certifications: CISSP-ISSEP, CISSP-ISSAP, CISM, CISSO, CISSP, CISSP-ISSMP, FITSP-M, GCIA, GCIA, GCSA, GICSP, GSEC, GSLC
• Knowledge of best practices when implementing security controls including: SW engineering methodologies, Security engineering methodologies, Security engineering principles, Secure coding techniques
• Coordinate activities with A&A stakeholders
• Knowledge of and experience with: ICD 503 and the Government’s certification and accreditation process
• Networks, computer components, protocols, and COTS technology
• System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers
• SW integration of COTS and GOTS products
• Virtualization platforms and technologies

Nice To Haves

• A STEM degree
• Education relevant to computer engineering, INFOSEC, information management, and/or computer science
• Experience in technical project management
• Technical experience in: Configuring and supporting, at a minimum, Windows, Linux, Unix, Mac OS
• Configuring and supporting, at a minimum, VMware, Xen, Hyper V
• SW engineering
• Program design and implementation
• Configuration management
• System maintenance
• Integration testing
• IS engineering

Responsibilities

• Support the development and maintenance of security programs and processes based on NIST, RMF, and industry best practices.
• Assist in documenting and following ISSE practices and security engineering principles, referencing NIST SP 800-160.
• Ensure system security requirements are clear and align with Government standards.
• Assess potential security risks, recommend mitigation actions, and provide input on Government decisions.
• Identify and manage vulnerabilities in IT systems, applications, and hardware, and ensure proper remediation is implemented.
• Conduct technical evaluations of vulnerabilities, threats, and risks, and help in standardizing risk management processes.
• Assist in designing, developing, and implementing secure IT and SCADA/ICS system architectures.
• Recommend effective security solutions, including network security measures, that ensure systems remain safe from attackers.
• Help integrate and support cross-domain security solutions while collaborating with relevant teams.
• Prepare and update necessary security documentation, including RMF documents, and help prepare for ATO authorizations.
• Participate in meetings, working groups, and reviews to provide input on security-related concerns and solutions.
• Document decisions, action items, and outcomes for official meetings and deliver reports in required formats.
• Work with leads, subject matter experts, and Government representatives to align security efforts with program and agency objectives.
• Support security assessments of new systems, features, or technologies being introduced into the organization.
• Monitor and implement industry best practices for managing vulnerabilities and improving systems security.
• Research and recommend new security tools, countermeasures, or technologies to address emerging threats.
• Assist in navigating security risks for terrestrial, space, and mission-critical systems, ensuring operations can continue in challenging conditions.