Information Systems Security Engineer

About The Position

Requirements

• Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related STEM field.
• Experience: 5+ years of experience in information security engineering or related roles.
• Certifications: CompTIA Security+, CISM, eMASS
• Strong knowledge of security architecture frameworks, ATO process, risk management processes, and security technologies (e.g., firewalls, intrusion detection/prevention systems, encryption).
• Excellent analytical and problem-solving abilities, with experience conducting threat modeling and vulnerability assessments.
• Strong communication and documentation skills, capable of effectively conveying complex security concepts to technical and non-technical audiences.
• Active current DOW/DOD Secret security clearance.

Nice To Haves

• Master’s degree in Cybersecurity is desired.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and CompTIA Advanced Security Practitioner (CASP+) are all highly desirable.
• Demonstrated ability to successfully navigate the ATO process resulting in certification of computer systems operating in a classified environment.
• Experienced working with cross-functional teams to include engineering, IT, and manufacturing.

Responsibilities

• Security Architecture Development: Design and implement information security solutions and architecture in alignment with organizational policies and regulatory requirements.
• Risk Assessment: Conduct risk assessments to identify potential threats and vulnerabilities within the IT environment and propose appropriate mitigation strategies.
• Security Controls: Design and integrate security controls to protect system integrity, confidentiality, and availability, as well as ensure compliance with applicable standards.
• System Integration: Work with IT and development teams to securely integrate new technologies and platforms into the existing IT infrastructure.
• Security Documentation: Develop and maintain comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, and Security Assessment and Authorization (A&A) packages.
• Incident Response: Support incident response efforts, providing expertise in investigating security incidents and implementing countermeasures to prevent future occurrences.
• Security Testing and Evaluation: Conduct security testing, analysis, and evaluation of new and existing systems to identify security weaknesses and recommend improvements.
• Compliance Monitoring: Ensure ongoing compliance with relevant security regulations and standards, such as CMMC L2, NIST SP 800-171, ISO 27001, and others as applicable.
• Collaboration: Collaborate with stakeholders, including system owners, to ensure security measures align with business objectives and operational needs