Information Systems Security Engineer (ISSE)

Your Impact:

Are you interested in using your skills to help shape the Cyber, Security, & Intel space? If so, look no further. Amentum is seeking a Principal Information System Security Engineer to join our team of passionate individuals in Chantilly, VA. In this role you will support challenging, mission-critical projects that make a direct impact on the Nation's security and intelligence mission.

We are seeking a highly skilled and experienced Principal Information System Security Engineer to join our team. The successful candidate will bring extensive knowledge and hands-on experience in cybersecurity engineering, risk management frameworks, and secure software development lifecycle management. This role involves leading and managing accreditation efforts, conducting risk assessments, and collaborating with cross-functional teams to ensure the highest standards of information security across our applications and systems.

Responsibilities:

• Oversee cybersecurity measures for applications within an agile software environment.
• Manage the assessment and authorization (A&A) efforts for accrediting and reaccrediting system authorizations.
• Performs vulnerability scanning to uncover any potential security concerns within the information systems.
• Utilize common control provider (CCP) knowledge to secure authorization for applications on new platforms.
• Work closely with stakeholders to ensure seamless decommissioning and accreditation of replacement systems with no downtime.
• Conduct technical exchange meetings (TEMs) and liaise with key departments to facilitate A&A efforts.
• Track and manage Plan of Action and Milestones (POAMs) across all systems, ensuring completion and recommending remediation steps.
• Conduct system self-scans to support initial, update, and reaccreditation efforts.
• Perform technical planning, system integration, verification and validation, and risk assessments.
• Create Basis of Estimate (BOE) documentation and other critical artifacts for system A&A efforts.
• Develop and document security evaluation test plans and procedures.
• Provide documentation and recommendations for security best practices and risk management framework (RMF) accreditation.
• Drive application security and secure software development lifecycles, including containerization security as per NIST SP 800190.
• Conduct hands-on security testing, analyze test results, and recommend countermeasures.
• Provide guidance on cloud computing services, deployment architecture, and network management tools.
• Review project requirements and assist in the development and tracking of project tasks and client deliverables.
• Communicate with clients on project specific activities and manage project related deliverables.
• Facilitate process working groups to analyze existing processes and create new business strategies.

Requirements:

• Bachelor's Degree in Security and Intelligence, or a related field.
• Security CE, AWS Advanced Architect, and Splunk Fundamentals 1 and 2 certifications.
• Extensive experience in information system security engineering, risk assessment, and vulnerability management.
• Strong understanding of cloud computing services, secure software development lifecycles, and containerization security.
• Proficient in creating and maintaining security documentation and Standard Operating Procedures (SOPs).
• Demonstrated experience in leading technical exchange meetings, managing project deliverables, and ensuring compliance with security standards and policies.

Clearance Required:

• TS/SCI w/ poly

Minimum Education:

• B.S. in Mathematics and/or Security and Intelligence, or a related field.

Minimum Years of Experience:

• 8

Preferred:

• Excellent technical writing and documentation skills
• Proven ability to collaborate with multidisciplinary teams

#javelin