System Security Engineer

About The Position

Requirements

• 3+ years of experience.
• Proficiencies in Microsoft Word, Excel, and Adobe PDF tools.
• Certified Information Systems Security Professional (CISSP) is required.
• Advanced Information Security experience, including deep knowledge of NIST and/or ISO frameworks.
• Expertise with NIST 800-53, including control interpretation, assessment, and documentation (this constitutes ~75% of the role).
• Demonstrated experience writing and maintaining Security Control responses and compliance documentation.
• Successful completion of a Public Trust background investigation and/or a Public Trust clearance.
• Must be a U.S. Citizen

Nice To Haves

• Experience with ServiceNow or similar change control systems (can be learned on the job).
• Experience with Archer governance, risk, and compliance (GRC) tools (can be learned on the job).

Responsibilities

• Security Assessment & Authorization (SA&A)
• Lead the preparation, submission, and lifecycle maintenance of full Certification & Accreditation (C&A) packages for ISB systems (e.g., Azure, Consolidated Statistical Platform, OCIO ISB Infrastructure Services).
• Develop and maintain documentation in Archer.
• Coordinate with CSPO to ensure federal SA&A elements are accurate, complete, and compliant.
• Enhanced Security Control Evaluation Audits (ESCA)
• Provide complete and accurate security control evidence for CSPO audits.
• Resolve findings and update documentation (BSI, BCP, SSP, ATT, PIA, ATO) in Archer based on CSPO review and feedback.
• Security Evaluation & Approvals
• Verify and validate security control implementations across ISB managed systems.
• Track vulnerabilities, remediation plans, and mitigation activities.
• Review and approve system configuration changes via ServiceNow or similar change control platforms.
• Ensure alignment with NIST 800-53a assessment procedures.
• Risk Management Framework (RMF)
• Apply ITIL processes to document security-related policies and procedures.
• Maintain accountability, records retention, and documentation consistent with RMF requirements.
• Physical Security – Data Center Access
• Manage and maintain Access Control Lists (ACLs) for data center smart card physical security.
• Federal Regulation & Compliance
• Ensure compliance with:
• Federal IT security laws
• OMB circulars
• Presidential Decision Directives (PDDs)
• FISMA requirements
• Other federal regulations and guidance
• Monitor CSPO alerts and implement required updates to ISB managed systems

Benefits

• Virtual health visits, commuter perks, pet insurance, and entertainment discounts that make life easier.
• Annual performance reviews, tuition assistance, and internal career growth opportunities to help you thrive.
• Generous 401(k) matches, life and disability insurance, and financial wellness tools to support your future.
• Annual awards, service anniversaries, referral bonuses, and peer-to-peer shoutouts that spotlight your achievements.
• Healthcare coverage, wellness programs, flu shots, and biometric screenings to support your health.