Information System Security Engineer (ISSE) Level 3
Clearance Required: TS/SCI with Current CI Poly
Minimum Years’ Experience:
Overall Assignment Description:
In this role you will ensure cybersecurity requirements are identified, allocated, implemented, verified and continuously monitored throughout the system life cycle.
What You'll Be Doing:
- Define system security requirements in coordination with security stakeholders including system engineers, program managers, security control assessors, and authorizing officials.
- Ensure cybersecurity requirements are identified, allocated, implemented, verified and continuously monitored throughout the system life cycle.
- Coordinate RMF processing with program, developer and authorizing stakeholders to achieve ATOs.
- Provide independent cybersecurity advice and guidance to government stakeholders.
- Develop or review system security designs and architectures.
- Advise system engineers on best methods to remediate vulnerability findings through the use of security scanning tools
- Support engineering analysis of alternatives, tradeoffs, and risk treatment decisions
- Develop cybersecurity documentation in support of customer Risk Management Framework (RMF) process; in accordance with NIST SP 800-37 Rev 2.
- Work with interdisciplinary teams to deliver trustworthy and secure systems.
What Required Skills You'll Bring:
- 5 years minimum of system and/or security engineering work performed in support of U.S. Government customers subject to Intelligence Community Directive (ICD) 503.
- (ISC)2 Certified Information System Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) certification.
- Review and development of RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs).
- Proven ability to balance priorities in a dynamic, mission-oriented environment.
- Strong initiative and communication skills.
- What Desired Skills You'll Bring:
- Experience implementing NIST SP 800-53 Revision 4 security requirements and NIST SP 800-53A security assessment procedures.
- Knowledge of Cloud (i.e. Azure, Amazon C2S, Commercial and GovCloud) security planning, design, and operations.
- Ability to explain complex cybersecurity issues to a diverse audience in layman's terms
- Engineering work performed in national security mission environments.
- Experience implementing or assessing cybersecurity solutions using technologies such as:
- Nessus, WebInspect, Splunk, Open SCAP
- Microsoft Windows, Server, Active Directory
- RedHat Linux; CentOS,
- Virtualization Platforms: Hyper-V, VMware
- VDI (Desktop), Citrix
- Network engineering/design of LANs, WANs, MANs, including underlying routing protocols, and implementation. (TCP/IP, BGP, OSPF)
- Knowledge of Cross Domain Solutions (CDSs).
- Experience presenting verbal/written communications to Senior leadership including ISSMs, System Owners, Authorizing officials, security directors
- Experience with systems engineering lifecycle processes
- Experience as an advisor the Government ISSM on ATO extensions, body of evidence reviews
- Participating in RFC/CCB reviews as voting member for Government customer programs
- Experience guiding systems through the RMF approval process per NIST-800-37.
Read Full Description