Information Systems Security Engineer (ISSE)

Overview

VTG seeks to hire an Information Systems Security Engineer (ISSE) in Chantilly, VA to monitor and maintain systems security on operational systems such as malicious code eradication, configuration management, assessment and authorization of current and future systems, as well as to review and revise systems security documentation on proposed systems. ISSOs shall know how to implement common information system security practices, policies, and technologies. Additionally, ISSOs demonstrate self-motivation, initiative, sound judgement, and effective interpersonal skills, team building skills, and effective communication skills.

What will you do?

• Collaborate with system stakeholders and teammates to enhance system security
• Communicate effectively with all security stakeholders
• Create, revise, or review cybersecurity documentation
• Proactively identify opportunities for increasing customer value and engagement
• Act as a Data Transfer Agent between systems of varying security domains
• Inventory, track, and control removable media and portable electronic devices
• Advise stakeholders on NIST SP 800-37 RMF workflows and requirements
• Review SIEM and RMF workflow tools to advise ISSM on system security baselines and authorization statuses
• Advise system stakeholders on acceptable use and applicable cybersecurity policy or regulation
• Properly report and document security incidents and response actions

Do you have what it takes?

Requirements

• Clearance: Active TS/SCI with Polygraph
• Bachelor's degree + 10 years of experience OR High School/GED + 14 years of experience OR Associate's degree + 12 years of experience OR Master's degree or higher +8 years of experience

Desired Qualifications

• Experience in ICD 503 certification and accreditation
• Understanding of NIST Risk Management Framework
• Experience with Continuous Monitoring of implemented security controls to maintain system security posture, to include:
  
  • System scanning to identify vulnerabilities
  • Risk assessments, vulnerability management, incident response planning
  • POAM/risk mitigation documentation
  • Application and OS auditing
  • Familiarity with AWS and cloud-based architecture
  • Security documentation expertise, to include
    • Security control responses and artifacts
    • System Security Plans (SSPs) and Concept of Operations (CONOPS)
    • System Auditing Plans
    • System Configuration Management Plans
    • System Contingency Plans and Resiliency Testing Procedures
    • Interagency Security Agreements for connections to partner systems
  • Experience in Security Relevant Changes (SRCs), to include evaluation of type of SRC and security implications/approvals
  • Detail oriented, ability to multi-task across projects, prioritize tasks, and collaborate with ISSE, ISSM, and DevOps teams