Information Systems Security Engineer

Hoplite Solutions is seeking an Information Systems Security Engineer (ISSE) who will be responsible for designing, developing, and implementing secure information systems that support mission operations. The ISSE collaborates with multidisciplinary teams - including Information Systems Security Managers (ISSMs), software developers, systems engineers, and government stakeholders-to integrate effective security controls and ensure systems remain resilient against evolving threats and vulnerabilities. The ISSE also installs and maintains security scanning tools, performs vulnerability assessments, and reviews scan results to identify and remediate security risks. Additionally, the role ensures security tools and controls are properly integrated into the DevSecOps CI/CD pipeline, supporting continuous security testing and monitoring throughout the system lifecycle.

Primary Responsibilities:

• Applying system security engineering principles in areas such as system security design, lifecycle engineering, authentication and authorization mechanisms, cryptography, intrusion detection, contingency planning, incident handling, auditing, configuration management, and change control.
• Conducting or supporting technical cybersecurity assessments and security audits.
• Coordinating with cybersecurity personnel and recommending mitigation strategies to reduce risk.
• Identifying system vulnerabilities and instances of non-compliance with cybersecurity standards and regulatory requirements.
• Collaborating with DevSecOps teams to review vulnerability scan results and support remediation of findings.
• Performing vulnerability scans using approved customer tools and generating reports detailing findings and remediation progress.
• Install, configure, and maintain security scanning and monitoring tools, ensuring they are properly integrated within system environments and DevSecOps pipelines.
• Review vulnerability scan results, track remediation efforts, and coordinate with engineering teams to resolve identified security findings.
• Support the Risk Management Framework (RMF) authorization process by reviewing security documentation and providing risk based recommendations to stakeholders regarding system risk posture as part of Authority to Operate (ATO) activities.
• Manage and track Plans of Action and Milestones (for customer-sponsored systems, coordinating with key stakeholders including ISSOs, ISSEs, ISSMs, and Security Control Assessors (SCAs).

Basic Qualifications:

• Experience conducting routine vulnerability scanning, providing formal and informal reports to technical teams, and tracking remediation activities.
• Experience monitoring system and network security using Security Information and Event Management (SIEM) tools.
• Experience reviewing security bulletins, threat intelligence, and vulnerability advisories to stay informed of current threats and emerging attack techniques.
• Experience tracking Common Vulnerabilities and Exposures (CVEs) and mapping them to internal controls and remediation strategies.
• Experience auditing systems to ensure compliance with secure configuration baselines and cybersecurity policies.
• Investigate and respond to cyber security incidents (system and/or network breaches, malware attacks).
• Experience using at least two vulnerability scanning tools, such as AWS Inspector, Tenable Security Center, Rapid7 Nexpose, SonarQube, or OWASP security tools.
• System & network security monitoring with security information event management tools.
• At least 1 Certification: CISSP, Splunk, Network+, Security+, OSCP, CEH, CASP+, ISSEP
• Requires BS degree and 12 or more years of prior relevant experience. Will consider experience in lieu of a degree. Candidate without Bachelor's Degree will be considered on a case-by-case basis and will be required to have an additional 4 years of related information security experience.
• Candidate must have an active TS/SCI with polygraph

Preferred Qualifications:

• Experience with Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools.
• Experience using Splunk, including creating dashboards and security monitoring visualizations.
• Familiarity with cloud computing platforms, such as AWS, Oracle Cloud, or Google Cloud Platform (GCP).

At Hoplite Solutions, we pride ourselves on offering competitive salaries and a comprehensive benefits package. This includes full coverage for health, dental, and vision insurance for both individuals and families, along with 100% coverage for life insurance, long-term and short-term disability. Additionally, we match up to 7% of employees' contributions to their 401(k) funds and follow the federal holiday calendar for paid holidays. With 4 weeks of paid time off and $5,000 yearly for education assistance or technical training, we're dedicated to supporting our employees' professional and personal growth.