Information Systems Security Engineer, Level 3
The selected candidate will join a high-performing agile team using the Scaled Agile Framework (SAFe) methodology to support a nationally significant and fast-paced program. Program execution follows DevOps best practices and employs robust development, test and production environments. Our team of security engineers supports enhancements to system security architecture and cybersecurity capabilities; manage multiple system security plans for development, test and production systems at multiple classification levels following the Risk Management Framework (RMF); manage cross-domain capabilities; and support Security Verification Testing (SVT) of relevant Type 1 devices.
The selected candidate will provide support for adding new capabilities to a complex network system with geographically distributed components that has exacting interface, performance and security requirements. He/she will become part of a team of Security Engineers working on solving challenging issues on a nationally significant defense program. The program makes heavy use Public Key Infrastructure (PKI), cryptographic technologies, and cross-domain solutions. The selected individual will collaborate with other engineers and technical experts in providing improvements to our operational, test, integration, and development systems.
Security Clearance Requirements:
This position requires candidates to be U.S. Citizens and possess a TS/SCI Security Clearance with an appropriate Polygraph
Required Education & Years of Experience
- Bachelor’s Degree in Computer Science, Information Assurance, Information Security System Engineering or a related discipline and 20+ years experience as an ISSE, or
- Master’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline and 18+ years experience as an ISSE, or
- HS Diploma and 24+ years of ISSE experience.
- Must have experience with secure configurations of commonly used desktop and server operating systems.
- Must have experience or familiarity with applying Risk Management Framework and formulating and assessing IT security policy.
- Must have demonstrated knowledge of one or more common security tools, such as Nessus, NMAP and Wireshark hardware/software security implementation, communication protocol, encryption techniques/tools, and web services.
- Must be comfortable working on multiple systems and components simultaneously, possibly with various configurations.
- Must have strong verbal and written communications skills.
- Must be committed to adopting and adhering to best practices.
- Must be able to effectively plan and prioritize personal tasking.
- Must be capable of performing high quality work both independently and with a team in a fast-moving environment.
- Experience or familiarity with Defense in Depth Principals.
- One or more of the following: DoD 8570 compliance with IASAE; Information Systems Security Engineering Professional (ISSEP) Certification; Computer Information Systems Security Professional (CISSP) Certification.
- Experience with integrated security services management processes (i.e. assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response).
- Experience providing information assurance support for application development.
- Experience with penetration testing tools and hands-on vulnerability testing.
- Experience with scripting languages.
- DoD 8570 compliance with IASAE Level 3 is required
- Information Systems Security Engineering Professional (ISSEP)
- CISSP Certification