Information Systems Security Engineer

Booz Allen Hamilton•Lakewood, CO

1d•$99,000 - $225,000

About The Position

The Opportunity: Cyber threats are everywhere, and the constantly evolving nature of these threats can make understanding them seem overwhelming to government organizations. In all of this “cyber noise,” how can these organizations understand their risks and how to mitigate them? The answer is you, an Information Security Risk Specialist who will break down complex threats into manageable plans of action. As an Information Systems Security Engineer on our team, you’ll work with system owners to discover their cyber risks, understand applicable policies, and develop a mitigation plan. You’ll get technical, environmental, and personnel details from SMEs to assess the entire threat landscape. Then, you’ll help the team guide the client through a plan of action with presentations, white papers, and milestones. You’ll work on translating security concepts for your client so they can make the best decisions to secure their new systems or for enhanced functionality on existing systems and ensure the requirements are effectively integrated into information systems throughout the System Development Life Cycle. You will perform and review technical security assessments to identify vulnerabilities and ensure compliance with IA standards and regulations. You will validate and verify system security requirements, establish system security designs, and integrate system security capabilities for various environments. This is your opportunity to take an active role in information security while growing your skills in assisting with proposing, coordinating, and enforcing information systems security policies, standards, and methodologies. Join us as we protect our nation’s cyber infrastructure. Join us. The world can’t wait.

Requirements

8+ years of experience with information assurance or cybersecurity
5+ years of experience with working as an Information System Security Engineer (ISSE)
Experience with achieving system certification, accreditation, assessment, and authorization, including IATT's and ATO's
Experience with NIST 800-37, NIST 800-53, or Intelligence Community Directive 503 requirements
Experience with SIEM, Trellis, HBSS, or vulnerability scan tools including ACAS, Tenable Security Center, and Nessus
Experience monitoring operating systems security events such as Windows or Linux and networking protocols such as TCP, IP, DNS, DHCP, HTTP, or HTTPS
Top Secret clearance
Bachelor's degree
IAT or IAM Level II Certification, including GSEC, Sec+, CASP+, GICSP, CEH, CISM, or CISSP Certification

Nice To Haves

Experience with providing network, system administration, or computer operations
Experience with ACAS and vulnerability databases, including Tenable Nessus, NVD, and NIAP
Experience with supporting the intelligence community
Knowledge of cloud architecture and virtualization
Possession of excellent interpersonal and presentation skills

Responsibilities

Work with system owners to discover their cyber risks, understand applicable policies, and develop a mitigation plan.
Get technical, environmental, and personnel details from SMEs to assess the entire threat landscape.
Help the team guide the client through a plan of action with presentations, white papers, and milestones.
Translate security concepts for your client so they can make the best decisions to secure their new systems or for enhanced functionality on existing systems.
Ensure the requirements are effectively integrated into information systems throughout the System Development Life Cycle.
Perform and review technical security assessments to identify vulnerabilities and ensure compliance with IA standards and regulations.
Validate and verify system security requirements, establish system security designs, and integrate system security capabilities for various environments.
Assist with proposing, coordinating, and enforcing information systems security policies, standards, and methodologies.