Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

Posted:
11/11/2024, 10:16:27 AM

Location(s):
Colorado, United States ⋅ Aurora, Colorado, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
On-site

Information System Security Engineer (ISSE) Level 3

Clearance Required:  TS/SCI with Current CI Poly

Location:  Aurora, CO - 100% onsite

Minimum Years Experience:   5 years

 Overall Assignment Description:  

In this role you will ensure cybersecurity requirements are identified, allocated, implemented, verified and continuously monitored throughout the system life cycle.

What You'll Be Doing:

  • Define system security requirements in coordination with security stakeholders including system engineers, program managers, security control assessors, and authorizing officials.

  • Ensure cybersecurity requirements are identified, allocated, implemented, verified and continuously monitored throughout the system life cycle.

  • Coordinate RMF processing with program, developer and authorizing stakeholders to achieve ATOs.

  • Provide independent cybersecurity advice and guidance to government stakeholders.

  • Develop or review system security designs and architectures.

  • Advise system engineers on best methods to remediate vulnerability findings through the use of security scanning tools

  • Support engineering analysis of alternatives, tradeoffs, and risk treatment decisions

  • Develop cybersecurity documentation in support of customer Risk Management Framework (RMF) process; in accordance with NIST SP 800-37 Rev 2.

  • Work with interdisciplinary teams to deliver trustworthy and secure systems.

What Required Skills You'll Bring:

  • 5 years minimum of system and/or security engineering work performed in support of U.S. Government customers subject to Intelligence Community Directive (ICD) 503.

  • ​​(ISC)2 Certified Information System Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) certification.

  • Review and development of RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs).

  • Proven ability to balance priorities in a dynamic, mission-oriented environment.

    • Strong initiative and communication skills.

    What Desired Skills You'll Bring:

    • Experience implementing NIST SP 800-53 Revision 4 security requirements and NIST SP 800-53A security assessment procedures.

    • Knowledge of Cloud (i.e. Azure, Amazon C2S, Commercial and GovCloud) security planning, design, and operations.

    • Ability to explain complex cybersecurity issues to a diverse audience in layman's terms

    • Engineering work performed in national security mission environments.

    • Experience implementing or assessing cybersecurity solutions using technologies such as:

    • Nessus, WebInspect, Splunk, Open SCAP

    • Microsoft Windows, Server, Active Directory

    • RedHat Linux; CentOS,

    • Virtualization Platforms: Hyper-V, VMware

    • VDI (Desktop), Citrix

    • Network engineering/design of LANs, WANs, MANs, including underlying routing protocols, and implementation. (TCP/IP, BGP, OSPF)

    • Knowledge of Cross Domain Solutions (CDSs).

    • Experience presenting verbal/written communications to Senior leadership including ISSMs, System Owners, Authorizing officials, security directors

    • Experience with systems engineering lifecycle processes

    • Experience as an advisor the Government ISSM on ATO extensions, body of evidence reviews

    • Participating in RFC/CCB reviews as voting member for Government customer programs

    • Experience guiding systems through the RMF approval process per NIST-800-37.