ISSE, RegScale

About The Position

Requirements

• Bachelor’s degree in computer science, security engineering or related field.
• 10+ years of professional IT experience.
• Experience implementing NIST SP 800-207, Zero Trust Architecture at a large federal agency.
• Proven leader with experience leading high-functioning teams.
• Experience with RegScale
• Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.

Nice To Haves

• Recent experience at a Federal agency. Current DHS or DoD security clearance or public trust.
• Knowledge and experience with Zero Trust federal requirements and DHS CISA Zero Trust Maturity Model.
• Eagerness to learn and ability to think critically and work independently.
• Proficiency in micro-segmentation, end point detection, traffic encryption, data protection, policy automation and orchestration.
• Proficiency in continuous monitoring and real time analytics to detect and respond to issues immediately.
• Experience with containerization.
• Skilled in troubleshooting cloud networking environments
• Experience with nMap, Palo Alto Networks Expedition, Splunk, Sumo, and Z-Scaler, a plus.
• Cloud experience specifically, AWS and Azure
• Master’s degree, a plus.
• Effective communicator with ability to work independently.

Responsibilities

• Implementing Zero Trust requirements per executive orders/directives/policies/memorandums/etc. at an enterprise level.
• Implementing large enterprise-level projects/programs.
• Identifying critical needs, changes, and upgrades based on new network and security technologies or threats and developing solutions (i.e. Zero Trust).
• Planning, evaluating, and leading projects or teams, such as assigning work, setting priorities and providing feedback on work assignments.
• Collaborating with cross-functional teams to identify business needs and provide technical solutions to improve Zero Trust maturity scores across the five ZT Pillars.
• Develop detailed migration strategies to address legacy system integration, data migration, user transition, and operational continuity, including the use of RegScale.
• Identify processes and documents that can be automated utilizing RegScale or the Information Security Division (ISD) Orchestration Platform.
• Develop Zero Trust control enhancements for each applicable control family identified within NIST SP 800-53.
• Conduct Zero Trust maturity assessments across all USCIS information systems using the CISA Zero Trust Maturity Model, evaluating current state capabilities across the five pillars (Identity, Devices, Networks, Applications/Workloads, and Data) and documenting gaps against target maturity levels.
• Design and implement continuous authorization (ConAuth) frameworks that leverage automated security assessment capabilities, real-time monitoring, and risk-based decision making to support Zero Trust “never trust, always verify” principles and reduce traditional Authority to Operate (ATO) timelines.
• Perform comprehensive security control assessments of Zero Trust components, including Software-Defined Perimeters (SDP), Policy Enforcement Points (PEP), Policy Decision Points (PDP), and Policy Engines, ensuring compliance with NIST SP 800-53 Revision 5 controls AC-4, SC-7, and related access control families.
• Integrate Zero Trust security controls with enterprise security tools, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Governance, Risk, and Compliance (GRC) platforms such as RegScale, to enable automated compliance monitoring and reporting.
• Design micro-segmentation strategies and network architectures that eliminate implicit trust zones, implement least-privilege access controls at the application and data layers, and support dynamic policy enforcement based on continuous authentication and authorization decisions.
• Create Zero Trust implementation playbooks and standard operating procedures (SOPs) that provide step-by-step guidance for system owners, developers, and security teams to implement Zero Trust principles throughout the system development lifecycle (SDLC) and authorization processes.

Benefits

• health care
• dental
• vision
• life insurance
• 401(k)
• education assistance
• paid time off including PTO
• holidays
• any other paid leave required by law