Information Systems Security Engineer

Information Systems Security Engineer (ISSE) (MD) (Mid/Sr.-TS/SCI w/FSP-Onsite)

Annapolis Junction, Maryland

Full Time

We are currently seeking an Information System Security Engineer (ISSE) to support a nationally significant and fast-paced program. An ISSE is needed to provide support for adding new capabilities to a complex system with an exacting interface, performance, and security requirements. The selected individual will become part of a team of Security Engineers working on solving challenging issues on a large, significant program. The position requires a solid understanding of security practices and policies as well as hands-on vulnerability testing experience. The selected individual will collaborate with other engineers and technical experts in providing improvements to our operational, test, integration, and development systems.

Responsibilities:

The selected candidate will have numerous responsibilities from day to day drawn from a wide array of activities. The strongest candidates will have experience working in these areas:

• Validating and verifying system security requirements and establishing system security designs for large-scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.

• Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.

• Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.

• ssessing and mitigating system security threats and risks throughout the program life cycle.

• Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for various system and networking operations.

• Effectively collaborating with other internal technical experts on a day-to-day basis.

• Communicating with Program Managers and POCs from customer organizations when necessary regarding Security issues of significant importance.

• Participating in program increment planning and related agile team activities.

• Working closely with System Engineering, Test Engineering, and Integration teams to ensure that the hardware and software architecture and implementation meet the security requirements for processing classified information.

• nalyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.

• Evaluating the impact of new development on the operational security posture of the system.

• Evaluating, reviewing, and testing security-critical software.

• Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• uditing and assessing system security configuration settings using common methodologies and tools.

• Managing and enforcing security strategies and policies that affect various components of the geographically distributed systems.

• Evaluating security solutions to ensure they meet customer-specified requirements for processing classified information.

• Providing configuration management for security-relevant information system software.

• Serving as a subject matter expert in security architecture including providing advice to Program Managers, Customer technical experts, and internal program teams.

• Formulating security compliance requirements for new system features.

• Identifying and remediating security issues throughout the system.

• Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.

• Working with development teams to enrich team-wide understanding of different types of vulnerabilities, attack vectors, and remediation approaches.

• Planning and conducting security verification testing of relevant type 1 devices.

Required Qualifications:

• Clearance: TS/SCI w/ FS Poly

• Must have Computer Information Systems Security Professional (CISSP) Certification.

• Must have Information System Security Engineering Professional (ISSEP) Certification.

• Must have experience applying Risk Management Framework.

• Must have experience formulating and assessing IT security policy.

• Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP, and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.

• Must have experience with secure configurations of commonly used desktops and server operating systems.

• Must be comfortable working on multiple systems and components simultaneously in various configurations.

• Must have strong verbal and written communication skills.

• Must be committed to adopting and adhering to best practices.

• Must be able to effectively plan and prioritize tasking and communicate clearly regarding technical options and trade-offs.

• Must be capable of performing high-quality work both independently and with a team in a fast-moving environment.

Preferred Qualifications:

• Bachelor's degree or Master's Degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline.

• Five 5 years of experience with Defense in Depth Principals/technology including access control, authorization, identification and authentication, public key infrastructure, network, and enterprise security architecture and applying risk assessment methodology to system development.

• Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response.

• Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass the development, design, and implementation.

• Experience with penetration testing tools.

• Experience with scripting languages.

Skills and Certifications
TS/SCI w FS Poly
CISSP