Sr. Information Systems Security Engineer

About The Position

Requirements

• Must be a U.S. citizen with the willingness and ability to obtain a security clearance
• Bachelor’s degree in computer science, information systems, engineering, business, or related scientific or technical discipline. An additional four years of experience may be substituted for a degree.
• 8 years of experience in information systems, cyber security, space systems, or related security disciplines.
• Technical background with practical experience in designing and constructing secure systems, networks, and supporting infrastructure.
• Experience developing and implementing security controls for commercial, international, and/or U.S. government programs.
• Experience working with the National Institute of Standards and Technology (NIST) cybersecurity standards (NIST 800-171, NIST 800-53), including the Cybersecurity Maturity Model Certification (CMMC).
• Understanding and history of performing risk management activities as outlined in the NIST 800-30 and NIST 800-37

Nice To Haves

• Experience designing and implementing security controls in cloud service providers (AWS, Azure).
• Working knowledge of industry-standard Cloud Security Posture Management (CPSM) tools.
• Relevant Cloud Certifications (e.g. CCSP, AWS Cloud Practitioner, AWS Security, Azure Security Engineer Associate).
• Experience architecting, building, and deploying cloud assets for AWS and Azure.
• DOD 8570 IAT or IAM Level 3 compliant professional certification (i.e., CISSP or Associate, CASP CE, CCNP Security, CISA, GCED, GCIH, CISM, or GSLC).
• Experience with security assessment and authorization activities required for Federal systems (e.g., RMF, CMMC, ICD-503, DIACAP) and security development.
• Proficiency in using cyber-related tools (such as Nessus, NMAP, or Splunk), network scanning, vulnerability scanning, and other penetration testing tools.
• Significant experience with NIST risk analysis processes and mitigation methods.

Responsibilities

• Perform end-to-end space and ground system security assessments, control implementation, and development of mitigation plans
• Support the concept of operations, system architecture and design, integration and test environments, and continuous monitoring.
• Develop system security implementation plans and means of meeting security reporting requirements.
• Develop policies, procedures, and standards in alignment with NIST standards (e.g., NIST 800-53/800-171) and industry best practices.
• Perform risk-based security assessments, identify appropriate control and mitigation strategies, and derive and allocate security requirements to the system hardware and software elements.
• Actively participate in design reviews, technical interchange meetings, and working groups to ensure compliance with security and control requirements.
• Support trade studies as required to meet system security requirements.
• Support the Authorization to Operate (ATO) process by generating necessary reporting and accreditation documents, such as Plans of Action and Milestones (POA&Ms).
• Lead/Facilitate internal and Customer Security Reviews to present security requirements, system assessment, control implementation, and mitigation methods.
• Ability to validate system hardening based on current DISA STIGs and/or CIS Level 2 benchmarks.
• Lead and participate in vulnerability tracking, remediation, and closure.
• Perform system architecture and engineering design, including networking, identity and access management, application and data security, and system design.

Benefits

• paid time off
• health and welfare insurance
• 401(k)