Information Systems Security Officer (ISSE I) (Government)

AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.

The scope of this Contract requires specialized expertise in areas such as high-performance computing (HPC), automated processing systems, distributed software design, and secure hosting and networking solutions. The IT infrastructure consists primarily of Linux. The environment includes a variety of network devices, server interconnections, mass storage solutions, and essential supporting infrastructure services. The services provided under this Contract support areas including HPC, infrastructure maintenance for HPC systems, networking, office automation, and the development of specialized software.

AT&T has an opening for an Information Systems Security Engineer to support information assurance programs and ensure the security posture of mission critical systems. The ISSE will play a key role in supporting security authorization activities in alignment with program and government requirements.

Description of Job Duties/Responsibilities:

The Information Systems Security Engineer (ISSE) supports the engineering, assessment, and authorization of secure information systems and enclave environments. This role conducts technical security assessments to identify vulnerabilities and non-compliance with Information Assurance (IA) requirements; validates security requirements; and contributes to secure-by-design solutions across networking, computer, and multi-enclave architectures with varying data protection and classification needs. The ISSE partners with system architects, developers, and stakeholders to ensure consistent application of security policy and enterprise solutions and supports risk management activities throughout the system life cycle in alignment with DoD and IC security frameworks.

Key Responsibilities:

• This position requires office presence a minimum of 5 days per week and is only located in the location(s) posted. No relocation is offered. Work to be performed at government customer site.

• Perform and/or review technical security assessments to identify vulnerabilities, weaknesses, and non-compliance with IA standards; recommend and track mitigation strategies.
• Validate and verify system security requirements and contribute to security requirements definition and analysis.
• Establish and support system security designs for networking, computing, and enclave environments, including multi-enclave solutions with differing data protection/classification needs.
• Design, develop, implement, and/or integrate security controls and security-relevant system components into operational environments (secure-by-design/secure-by-default).
• Partner with architects and system developers to identify and implement appropriate security functionality that aligns with agency policy and enterprise solutions.
• Support the development of security architectures and enforce trusted relationships among external systems and architectures.
• Assess and mitigate system security threats and risks across the program and engineering life cycle.
• Support security planning, assessment, risk analysis, and risk management activities for system and network operations.
• Review certification and accreditation / authorization documentation and provide feedback on completeness and compliance.
• Support security authorization activities in compliance with NSA/CSS NISCAP, DoD RMF, and the NIST RMF, as well as applicable NSA/CSS security engineering business processes.

Technical Skills and Tools:

• Risk Management Framework (RMF) knowledge, including end-to-end RMF process execution, Authority to Operate (ATO) support, security control implementation/assessment, and continuous monitoring.

• Experience with RMF tools such as LATTEART, XACTA, BISCOTTI, WATCHCAT, and STE.
• Familiarity with NIST guidance, including NIST SP 800-53 (Rev. 5 and/or Rev. 3) and NIST SP 800-37, and applying security controls to system and network environments.
• Hands-on experience supporting Assessment & Authorization (A&A), including security control traceability, boundary definition, artifacts and body of evidence (BoE), and documentation quality/completeness reviews.
• Experience implementing technical security requirements, including STIG implementation, false positive validation, patch management, and technical validation activities.
• Knowledge of IA principles (confidentiality, integrity, availability, non-repudiation, and access control).
• Understanding of security engineering across the system development life cycle (requirements, design, integration, testing, and sustainment).
• Experience contributing to secure system and network design (e.g., enclave environments, system integration, and trusted relationships with external systems), including cross-domain and/or multi-enclave architectures.
• Exposure to COTS/GOTS cryptography integration considerations.
• Experience implementing or assessing identification, authentication, and authorization mechanisms.
• Familiarity with common security engineering functions such as configuration control, change management, auditing, incident handling, contingency planning, and intrusion detection.
• Experience using scanning tools for compliance, configuration, and vulnerability assessment (e.g., compliance/configuration scanners) and interpreting results to support remediation.

Required Clearance: TS/SCI with polygraph. (#ts/sci) (#polygraph)

Required Qualifications:

Seven (7) years of experience as an ISSE on programs and contracts of similar scope, type, and complexity required. Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. Four (4) years of ISSE experience may be substituted for a bachelor's degree.

• DOD 8570 compliance with IASAE Level 2 is required.

Ready to join our team? Apply today!

Our Information Systems Security Officer (ISSE Skill Level I) (Government) earns between $98,100 - $175,780 yearly. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays) *Pro-rated when working less than 40 hrs/wk.
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected • Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone

Weekly Hours:
40

Time Type:
Regular

Location:
Columbia, Maryland

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, AT&T will provide reasonable accommodations for qualified individuals with disabilities. AT&T is a fair chance employer and does not initiate a background check until an offer is made.