Information Systems Security Engineer

Information Systems Security Engineer

Tysons, VA

TS/SCI with Poly

At Bcore, our strength comes from how we deliver impact to the mission. Whether it's architecting critical IT solutions, producing actionable intelligence, or developing cutting edge technology, we succeed because of the expertise, collaboration, and agility of our teams. Our Mission Services division combines enterprise IT, cloud solutions, DevSecOps, systems engineering, software development, and operational support. Bcore accelerates decisive advantage for warfighters and intelligence professionals by fusing human insight, rapid-fire engineering, precision-measured outcomes, and relentless grit into mission-ready solutions.

Do you want to join a team that is building tailored technical solutions to modernize our government's mission and our client's business? Do you have a desire to change how people work? Are you interested in helping to protect our nation's cyber interests? Join our growing team supporting customer missions as a Information Systems Security Engineer in Tysons, Virginia .

Responsibilities

The ISSE will lead and execute security engineering activities across complex, enterprise-scale environments. This role requires deep technical expertise across infrastructure, platforms, and applications, combined with expert-level, hands-on experience implementing the NIST Risk Management Framework (RMF) within federal government environments. The ideal candidate is a technical practitioner, not just an advisor - someone who can design, implement, assess, and secure systems end-to-end while directly supporting system authorization, continuous monitoring, and risk-based decision-making. This role also serves as the technical focal point for all security incidents, leading triage, investigation, and resolution efforts in coordination with program and enterprise security teams.

• Serve as the Cyber Security Engineer SME, providing hands-on security engineering across all system layers (infrastructure, platform, and application)
• Engineer, implement, and validate security controls in accordance with NIST SP 800-53 and RMF requirements
• Lead and support RMF lifecycle activities (Categorize, Select, Implement, Assess, Authorize, Monitor)
• Perform security engineering for:
  • Network architectures and boundary protections
  • Windows and Linux operating systems
  • Storage and virtualization platforms
  • Databases and data platforms
  • Web services, APIs, and application stacks
  • Custom and COTS/GOTS software solutions
• Provide technical input to RMF artifacts, including:
  • System Security Plans (SSP)
  • Security Control Assessments (SCA) support
  • POA&Ms
  • Risk assessments and security impact analyses
• Collaborate wi th system owners, architects, developers, ad operations teams to embed security into system design and implementation
• Support ATO, re-authorization, and continuous monitoring activities
• Identify security risks and provide practical, technically sound mitigation strategies
• Participate in security reviews, technical design reviews, and vulnerability remediation efforts
• Serve as technical l point of contact for all security incidents affecting the program
• Lead triage and analysis of new security alerts from SIEM, IDS/IPS, and other security monitoring tools
• Drive remediation efforts for recurring security alerts, identifying root causes and implementing systemic fixes
• Coordinate incident response activities between program stakeholders and enterprise security operations
• Act as primary liaison between program teams and enterprise security for incident escalation, resolution, and reporting
• Perform forensic analysis and technical investigations of security events
• Document security incidents, response actions, and lessons learned
• Develop and maintain runbooks and playbooks for common security incident types

Qualifications

Required Qualifications:

• Proven hands-on Cyber Security Engineer SME, not policy-only or audit-only
• Comfortable working across network, system, platform, and application layers
• Deep understanding of how security controls are actually implemented and validated
• Experience in federal RMF-driven environments
• Able to bridge security, engineering, and compliance effectively
• Experienced in managing security incidents from detection through resolution
• Skilled at balancing immediate incident response needs with long-term security improvements
• Effective collaborator across organizational boundaries during high-pressure security events
• Operate independently as the technical authority for system security engineering
• Demonstrate the ability to provide technical hands-on configuration, validation, and assessment of security controls
• Translate RMF and NIST requirements into real-world technical implementations
• Communicate complex technical security issues clearly to both technical and non-technical stakeholders
• Maintain a strong balance between security compliance and operational practicality
• Lead rapid response to security incidents with minimal guidance
• Demonstrate strong analytical and troubleshooting skills under pressure during active security events
• Effectively communicate incident status, impact, and remediation progress to technical and leadership audiences
• Expert-level experience with NIST Risk Management Framework (RMF) in federal government environments ( NIST SP 800-37, NIST SP 800-30, NIST SP 800-53)
• Direct involvement I ATO packages, control implementation, and assessments
• Hands-on experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, ELK Stack, ArcSight, QRadar)
• Demonstrated experience in security incident detection, analysis, and response
• Proven ability to triage security alerts and determine criticality and impact
• Infrastructure & Platforms (Hands-On)
• Networking (e.g., routing, switching, firewalls, load balancers, network security controls)
• Operating Systems: Linux (RHEL, CentOS), Windows Server
• Virtualization and storage platforms
• Databases (SQL and/or NoSQL)
• Data platforms (e.g., HPCC, Hadoop/Cloudera)
• Web services, APIs, and application architectures
• Software development environments and CI/CD pipelines
• Security tooling (e.g., vulnerability scanners, endpoint protection, SIEM)
• Engineering Experience
• Security engineering and system hardening
• Vulnerability discovery and remediation
• Secure system design and architecture reviews
• Technical documentation supporting RMF compliance
• Experience in cloud environments (AWS, Azure, GCP, CI) within federal RMF contexts
• Experience with DevSecOps practices

What you can expect from us

BCore is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or any other characteristic protected by law.