ClearanceJobs
Information System Security Engineer - Senior
ClearanceJobs, Washington, District of Columbia, us, 20022
Top Secret Information Systems Security Engineer (ISSE)
In an organization dedicated to developing and operating the best possible software for critical national security enterprise applications, you will work as a Top Secret Information Systems Security Engineer (ISSE). This organization utilizes SCRUM and SAFE Agile software development methodology and strong DevOps practices. Your role will involve the secure design, analysis, and testing of information security systems and products. You will ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. You will create and update security test plans for detecting and mitigating risk to information systems. You will engineer and perform tests and test plans to satisfy audits. You will evaluate, validate, and implement solutions for mitigating information systems findings or risks. You will apply methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. You will advise on a range of security-related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts, and potential adverse effects of vulnerabilities. Responsibilities: Responsible for the secure design, analysis, and test of information security systems and products. Ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. Create and update security test plans for detecting and mitigating risk to information systems. Engineer and perform tests and test plans to satisfy audits. Evaluate, validate, and implement solutions for mitigating information systems findings or risks. Apply methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. Advise on a range of security-related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts, and potential adverse effects of vulnerabilities. A typical day in the life on this program involves: Serving as the principal advisor to provide expert knowledge of system functions, security policies, technical safeguards, and operational security measures to include products and systems implemented on a Cloud infrastructure. Designing, analyzing, and testing information security systems, products, cloud architectures, and cloud solutions. Developing, implementing, and evaluating security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability. Drafting and keeping updated security documentation and reporting. Complying with all applicable security protocols. Requirements: Active Top Secret clearance with SCI eligibility. Minimum of 4 years of related experience. Hold one of the following security certifications or equivalent: Security, CGRC, CASP, CISSP. Education: Associate's Degree. In absence of degree, additional years of experience may be substituted for educational requirements. Clearance Required: Top Secret with SCI eligibility Minimum Education: Associate's Degree. In absence of degree, additional years of experience may be substituted for educational requirements Minimum Years of Experience: Minimum of 4 years of related experience. Hold one of the following security certifications or equivalent: Security, CGRC, CASP, CISSP Preferred: Be familiar with NIST 800-53 Rev. 5. AWS/Azure. JIRA/CONFLUENCE. Agile Methodologies. Expertise on Information Security Principles, processes, and guidelines. Able to obtain and maintain an Authority To Operate (ATO) for Information Systems. Analyze logs using Splunk and AWS tools. Scanning tools such as Tenable Nessus. Able to work on multiple projects with various timelines, at times very short deadlines. Certification in one or more of the following: CompTIA Network, CPT: Certified Penetration Tester, CEPT: Certified Expert Penetration Tester, CREA: Certified Reverse Engineering Analyst, CEH: Certified Ethical Hacker, CWAPT: Certified Web Application Penetration Tester
In an organization dedicated to developing and operating the best possible software for critical national security enterprise applications, you will work as a Top Secret Information Systems Security Engineer (ISSE). This organization utilizes SCRUM and SAFE Agile software development methodology and strong DevOps practices. Your role will involve the secure design, analysis, and testing of information security systems and products. You will ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. You will create and update security test plans for detecting and mitigating risk to information systems. You will engineer and perform tests and test plans to satisfy audits. You will evaluate, validate, and implement solutions for mitigating information systems findings or risks. You will apply methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. You will advise on a range of security-related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts, and potential adverse effects of vulnerabilities. Responsibilities: Responsible for the secure design, analysis, and test of information security systems and products. Ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. Create and update security test plans for detecting and mitigating risk to information systems. Engineer and perform tests and test plans to satisfy audits. Evaluate, validate, and implement solutions for mitigating information systems findings or risks. Apply methods, standards, and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. Advise on a range of security-related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts, and potential adverse effects of vulnerabilities. A typical day in the life on this program involves: Serving as the principal advisor to provide expert knowledge of system functions, security policies, technical safeguards, and operational security measures to include products and systems implemented on a Cloud infrastructure. Designing, analyzing, and testing information security systems, products, cloud architectures, and cloud solutions. Developing, implementing, and evaluating security controls, measures, and frameworks in cloud-based systems to ensure data integrity, confidentiality, and availability. Drafting and keeping updated security documentation and reporting. Complying with all applicable security protocols. Requirements: Active Top Secret clearance with SCI eligibility. Minimum of 4 years of related experience. Hold one of the following security certifications or equivalent: Security, CGRC, CASP, CISSP. Education: Associate's Degree. In absence of degree, additional years of experience may be substituted for educational requirements. Clearance Required: Top Secret with SCI eligibility Minimum Education: Associate's Degree. In absence of degree, additional years of experience may be substituted for educational requirements Minimum Years of Experience: Minimum of 4 years of related experience. Hold one of the following security certifications or equivalent: Security, CGRC, CASP, CISSP Preferred: Be familiar with NIST 800-53 Rev. 5. AWS/Azure. JIRA/CONFLUENCE. Agile Methodologies. Expertise on Information Security Principles, processes, and guidelines. Able to obtain and maintain an Authority To Operate (ATO) for Information Systems. Analyze logs using Splunk and AWS tools. Scanning tools such as Tenable Nessus. Able to work on multiple projects with various timelines, at times very short deadlines. Certification in one or more of the following: CompTIA Network, CPT: Certified Penetration Tester, CEPT: Certified Expert Penetration Tester, CREA: Certified Reverse Engineering Analyst, CEH: Certified Ethical Hacker, CWAPT: Certified Web Application Penetration Tester