Information System Security Engineer (ISSE) - Hybrid
Job description
The mid-level Information System Security Engineer will provide services related to the enhancement, expansion, or consolidation of cybersecurity information assurance support. Support may include activities such as the systematic transfer of cybersecurity monitoring or incident response workloads to designated operations centers, or (in the case of newly identified threats or vulnerabilities) providing initial support to address and mitigate the impact of such threats.
- The ISSE's responsibilities include security oversight of system deployments, system and component configuration, monitoring and reporting. This position will have a role in performing security impact assessments, security testing, and working with operations and development teams on remediation and mitigation of findings.
- The ISSE's primary role will be to provide support to planning, designing and implementing security controls which safeguard and monitor events for information systems, enterprise applications and data.
- The ISSE shall provide information system security engineering support to verify and validate proposed architectures and implementations based on sound security engineering principles and practices. The ISSE should have experience performing IT product security specification reviews, have prior experience creating security baselines for information systems, and must perform a security impact analysis for all exceptions or deviations.
- Identify security requirements and provide input to the system design to ensure the proper controls are built-in;
- Participate in planning and execution in the system development life cycle of new system cycles;
- Conduct risk analysis and update the risk assessment report for all changes to the FISMA systems, and provide a security impact analysis that includes, but is not limited to, the change to the overall system risk rating and posture and any impacted documentation that requires updates.
Requirements
- Understanding of the NIST Risk Management Framework and associated special publications (800-37, 800-53, etc.)
- Understanding of cloud solutions, e.g. IaaS, PaaS, and SaaS
- Cloud-related experience and/or certifications
- Communication skills, written and verbal
- JCAM experience preferred
Education
Completed Bachelor's degree from an accredited university, preferably in an IT-related field.
Clearance / Suitability
Ability to obtain a clearance or a Public Trust is preferred; however, all clearance levels and non-cleared applicants will also be considered.
Certifications
One or more of the following must be active and verifiable: CISM, CISA, GSLC, or Security+.
A completed CISSP is preferred.
Years of Experience
A minimum of 5 years of ISSE experience in the cybersecurity / IT space is required.
Bonus Points:
- NIST Cybersecurity Framework experience
- Familiarity with AI tools and governance
- Experience with process improvement, documenting procedures and workflow
Benefits & conditions
You'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.