Information Systems Security Engineer

About The Position

Requirements

• Strong systems and security engineering background (Linux/Windows, containers/Kubernetes, networking, identity, and cloud)
• Experience architecting security patterns and automating enforcement (Terraform/Ansible, Python/PowerShell/Bash)
• Practical understanding of how engineering enables ATO readiness in high tempo environments
• Excellent communication, organizational, and problem solving skills
• Ability to balance and adjust work priorities to meet short deadlines

Responsibilities

• Design and implement security architectures and platform guardrails for mission systems across compute, network, identity, and data planes (on prem, cloud, and hybrid), aligned to Zero Trust principles (segmentation, strong identity, least privilege, continuous verification).
• Engineer platform hardening and baselines for Linux/Windows hosts, container/Kubernetes clusters, and cloud services; automate configuration and drift detection via Infrastructure as Code (IaC) (e.g., Terraform/Ansible) and policy as code (e.g., OPA/Conftest).
• Implement and validate STIG/SRG requirements through automated checks and CI/CD gates; integrate results into pipelines to prevent configuration regressions.
• Develop Security Test Procedures (STPs) and automated security tests (SAST/DAST/SCA) in CI/CD; support assessment & authorization by producing technical evidence from engineering telemetry rather than manual artifact creation.
• Build detection and response integrations (e.g., EDR, IDS/IPS, cloud threat detection, log pipelines) and tune signals with engineering teams to reduce noise and accelerate incident triage.
• Conduct risk and vulnerability assessments focused on exploitability and blast radius; orchestrate scanning, exploit repro where appropriate, and engineer remediations that are scalable and repeatable.
• Collaborate with ISSMs, platform engineers, and mission owners to address risk through architecture choices (segmentation, mTLS, key/secret management, token based auth), bringing systems to ATO readiness and maintaining posture throughout the lifecycle.
• Engineer identity and access controls (RBAC/ABAC, OAuth2/OIDC, SAML, SCIM) across applications and clusters; enforce least privilege and just in time access with automated provisioning.
• Establish telemetry and compliance automation (e.g., CSPM/KSPM/CNAPP tools, configuration baselines, drift alerts) to monitor systems for evolving threats and misconfigurations.
• Synchronize inspections, tests, and reviews with affected parties; drive technical fixes into backlogs and pipelines to ensure enduring compliance and resilience.
• Read and interpret dataflow, network, and other developmental diagrams; produce architecture decision records (ADRs) and concise engineering documentation.
• Write and utilize documentation that translates complex security engineering into repeatable patterns for developers and operators.