Information Systems Security Engineer (ISSE I) (Government)

AT&T•Columbia, SC

2d•Onsite

About The Position

AT&T Global Public Sector is seeking an Information Systems Security Engineer (ISSE) to support information assurance programs and ensure the security posture of mission-critical systems. This role is crucial for supporting security authorization activities in alignment with program and government requirements. The contract requires specialized expertise in areas such as high-performance computing, automated processing systems, distributed software design, and secure hosting and networking solutions. The IT infrastructure primarily consists of Linux, with a variety of network devices, server interconnections, mass storage solutions, and essential supporting infrastructure services. The services provided support HPC, infrastructure maintenance for HPC systems, networking, office automation, and specialized software development. The ISSE will support the engineering, assessment, and authorization of secure information systems and enclave environments, conducting technical security assessments to identify vulnerabilities and non-compliance, validating security requirements, and contributing to secure-by-design solutions across various architectures. This role involves partnering with system architects, developers, and stakeholders to ensure consistent application of security policy and enterprise solutions, and supporting risk management activities throughout the system life cycle in alignment with DoD and IC security frameworks.

Requirements

Seven (7) years of experience as an ISSE on programs and contracts of similar scope, type, and complexity required.
Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required.
Four (4) years of ISSE experience may be substituted for a bachelor's degree.
DOD 8570 compliance with IASAE Level 2 is required.
Risk Management Framework (RMF) knowledge, including end-to-end RMF process execution, Authority to Operate (ATO) support, security control implementation/assessment, and continuous monitoring.
Experience with RMF tools such as LATTEART, XACTA, BISCOTTI, WATCHCAT, and STE.
Familiarity with NIST guidance, including NIST SP 800-53 (Rev. 5 and/or Rev. 3) and NIST SP 800-37, and applying security controls to system and network environments.
Hands-on experience supporting Assessment & Authorization (A&A), including security control traceability, boundary definition, artifacts and body of evidence (BoE), and documentation quality/completeness reviews.
Experience implementing technical security requirements, including STIG implementation, false positive validation, patch management, and technical validation activities.
Knowledge of IA principles (confidentiality, integrity, availability, non-repudiation, and access control).
Understanding of security engineering across the system development life cycle (requirements, design, integration, testing, and sustainment).
Experience contributing to secure system and network design (e.g., enclave environments, system integration, and trusted relationships with external systems), including cross-domain and/or multi-enclave architectures.
Exposure to COTS/GOTS cryptography integration considerations.
Experience implementing or assessing identification, authentication, and authorization mechanisms.
Familiarity with common security engineering functions such as configuration control, change management, auditing, incident handling, contingency planning, and intrusion detection.
Experience using scanning tools for compliance, configuration, and vulnerability assessment (e.g., compliance/configuration scanners) and interpreting results to support remediation.
TS/SCI with polygraph clearance required.

Responsibilities

Perform and/or review technical security assessments to identify vulnerabilities, weaknesses, and non-compliance with IA standards; recommend and track mitigation strategies.
Validate and verify system security requirements and contribute to security requirements definition and analysis.
Establish and support system security designs for networking, computing, and enclave environments, including multi-enclave solutions with differing data protection/classification needs.
Design, develop, implement, and/or integrate security controls and security-relevant system components into operational environments (secure-by-design/secure-by-default).
Partner with architects and system developers to identify and implement appropriate security functionality that aligns with agency policy and enterprise solutions.
Support the development of security architectures and enforce trusted relationships among external systems and architectures.
Assess and mitigate system security threats and risks across the program and engineering life cycle.
Support security planning, assessment, risk analysis, and risk management activities for system and network operations.
Review certification and accreditation / authorization documentation and provide feedback on completeness and compliance.
Support security authorization activities in compliance with NSA/CSS NISCAP, DoD RMF, and the NIST RMF, as well as applicable NSA/CSS security engineering business processes.

Benefits

Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Pro-rated when working less than 40 hrs/wk.
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected
Adoption Reimbursement
Disability Benefits (short term and long term)
Life and Accidental Death Insurance
Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
Employee Assistance Programs (EAP)
Extensive employee wellness programs
Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone