STR
Information Systems Security Engineer (ISSE)
Woburn, MA
Overview
The Security team at STR is responsible for maintaining compliance with Government protocol and directives. The Classified Cybersecurity (CCS) team includes ISSMs, ISSOs, and ISSEs who are dedicated to maintaining Confidentiality, Integrity, and Availability of our information systems and enabling STR’s portfolio across a broad customer base. This role supports the Cybersecurity/Risk Management Framework (RMF) program for classified programs. In this role you will collaborate with Cybersecurity professionals (ISSMs, ISSOs), Security professionals (CPSOs, FSOs), and System Administrators from our Classified Information Technology (CIT) organization. You will help ensure overall compliance, manage configuration changes, support security architecture, and stay current with technologies. Note: this is not a remote or hybrid role and requires on-site work.
Responsibilities
Conduct vulnerability and compliance scans of Information Systems. Support RMF documentation development and control validation testing for Authority to Operate (ATO) accreditations. Develop cybersecurity requirements, design, and architecture for current and emerging program needs. Implement information assurance and information security protections in program development and execution environments. Apply security controls to networking devices, databases, operating systems, and hardware/software components. Assist ISSMs and ISSOs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate vulnerabilities. Conduct reviews and inspections to identify and mitigate security weaknesses and ensure security features are implemented and functional. Support Continuous Monitoring requirements in accordance with RMF and NIST SP800-53. Perform other tasks as assigned by the manager.
Qualifications and Requirements
Security Clearance:
Active Top Secret clearance with the ability to obtain SAP and SCI access (U.S. citizenship required).
Experience:
3–5 years of hands-on Information Assurance/Cyber Engineering experience, including requirements development and implementation.
Certification:
DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months of hire.
Familiarity:
Knowledge of the DAAPM and JSIG.
Technical Skills:
Configuration, certification, and auditing of Windows/Linux OS and virtualization in LAN/WAN environments. Managing DISA STIGs and benchmarks across Windows, RHEL, Ubuntu. IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, SCAP). SIEM and centralized auditing tools (e.g., Splunk, PowerStrux). Microsoft Deployment Toolkit (MDT) familiarity. Hardening of new IS builds and ensuring full functionality before deployment. Scripting in Windows and/or Linux. Experience with McAfee/Trellix ePO and DLP components. Experience in one or more: AI, DevSecOps, Cloud or Containerization. Experience with NIST SP800-53 control implementation and assessment.
Attributes:
Excellent communication, detail-oriented, self-starter with a focus on STR CCS and CIT processes, a desire for continuous improvement, and the ability to manage multiple fast-changing priorities/projects.
About STR
STR is a growing technology company with locations near Boston, MA; Arlington, VA; Dayton, OH; Melbourne, FL; and Carlsbad, CA. We specialize in advanced R&D for defense, intelligence, and national security in cyber, sensors, radar, sonar, communications, electronic warfare, and AI analytics. We are committed to a collaborative learning environment and recognize the contributions of all team members. We are an equal opportunity employer. If you require a reasonable accommodation during the employment process, please email appassist@str.us.
Voluntary Self-Identification
We request voluntary self-identification for government reporting purposes. Completion is confidential and does not affect hiring decisions. See the company’s EEO policy for details.