Clearance Jobs
Job Title: Information Systems Security Engineer (ISSE)
Maxar is seeking a dedicated ISSE to be an integral part of a critical program supporting multiple development teams focused on a suite of web applications. These tools are central to advanced data discovery, analytics, and production capabilities for our government client located in Reston, VA. You will play a vital role in ensuring the security posture of these applications throughout their lifecycle, from development on unsecure networks to secure deployment on high-side government systems. Key Responsibilities: Secure Software Development Lifecycle (SSDLC) Integration: Integrate security practices into all phases of the software development lifecycle (SDLC) for multiple web applications, ensuring security is "baked in" from design to deployment. Security Architecture & Design: Develop, review, and analyze security architectures and designs for web applications, databases, and underlying infrastructure, ensuring compliance with government security mandates (e.g., NIST, RMF, STIGs). Cross-Domain Security Expertise: Provide expert guidance and solutions for securing applications developed on low (unsecure) networks and deployed on high (secure Government) networks, addressing specific challenges of data transfer, sanitization, and access control between domains. Vulnerability Management: Conduct and oversee vulnerability assessments, penetration testing, and security audits of web applications and supporting systems. Analyze results, prioritize findings, and work with development teams to ensure timely remediation and mitigation strategies. Risk Management & ATO Support: Identify, assess, and manage security risks, contributing to the program's overall risk posture. Prepare and maintain comprehensive security documentation (e.g., SSPs, SARs, POA&Ms) to support Assessment & Authorization (A&A) processes and achieve/maintain Authority to Operate (ATO). Security Control Implementation: Advise and assist development teams in the selection, implementation, and verification of appropriate security controls (technical, operational, and management) for web applications and their supporting infrastructure. Policy & Compliance: Interpret and apply relevant government cybersecurity policies, regulations, and guidelines to ensure program compliance. Incident Response Support: Provide security expertise and support during security incidents, contributing to containment, eradication, and recovery efforts. Continuous Monitoring: Support ongoing continuous monitoring activities to maintain the security posture of deployed applications and systems. Collaboration & Communication: Work closely with development teams, system administrators, program managers, and government security stakeholders to foster a strong security culture and ensure effective communication of security requirements and risks. Required Qualifications: Active Top Secret/SCI with CI Polygraph Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field. 8 years of experience as an Information Systems Security Engineer (ISSE) or similar role, with a focus on web application security. Demonstrated experience with the Risk Management Framework (RMF). Experience with secure software development best practices, including static and dynamic application security testing (SAST/DAST) tools. Proficiency in identifying and mitigating common web application vulnerabilities (e.g., OWASP Top 10). Understanding of cross-domain solutions and secure data transfer mechanisms between different security enclaves. Experience in vulnerability scanning tools (e.g., Nessus, ACAS) and Security Technical Implementation Guides (STIGs). Strong analytical and problem-solving skills, with the ability to identify and address complex security challenges. Excellent written and verbal communication skills, capable of translating technical requirements and risks to diverse audiences. Relevant cybersecurity certification (e.g., CISSP, CASP+, CEH, Security+). Preferred Qualifications: Familiarity with agile development methodologies. Experience in a government or defense contracting environment. Advanced degree in a cybersecurity-related field. Nice to Have: Technical experience in software development, information technology, networking, or related field Experience working in an agile environment with an agile team Intelligence Community experience We offer: Corporate partner, industry training. Peer groups. Paid certifications. Education reimbursement. Hackathons! and much more... Maxar Technologies values diversity in the workplace and is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.
Maxar is seeking a dedicated ISSE to be an integral part of a critical program supporting multiple development teams focused on a suite of web applications. These tools are central to advanced data discovery, analytics, and production capabilities for our government client located in Reston, VA. You will play a vital role in ensuring the security posture of these applications throughout their lifecycle, from development on unsecure networks to secure deployment on high-side government systems. Key Responsibilities: Secure Software Development Lifecycle (SSDLC) Integration: Integrate security practices into all phases of the software development lifecycle (SDLC) for multiple web applications, ensuring security is "baked in" from design to deployment. Security Architecture & Design: Develop, review, and analyze security architectures and designs for web applications, databases, and underlying infrastructure, ensuring compliance with government security mandates (e.g., NIST, RMF, STIGs). Cross-Domain Security Expertise: Provide expert guidance and solutions for securing applications developed on low (unsecure) networks and deployed on high (secure Government) networks, addressing specific challenges of data transfer, sanitization, and access control between domains. Vulnerability Management: Conduct and oversee vulnerability assessments, penetration testing, and security audits of web applications and supporting systems. Analyze results, prioritize findings, and work with development teams to ensure timely remediation and mitigation strategies. Risk Management & ATO Support: Identify, assess, and manage security risks, contributing to the program's overall risk posture. Prepare and maintain comprehensive security documentation (e.g., SSPs, SARs, POA&Ms) to support Assessment & Authorization (A&A) processes and achieve/maintain Authority to Operate (ATO). Security Control Implementation: Advise and assist development teams in the selection, implementation, and verification of appropriate security controls (technical, operational, and management) for web applications and their supporting infrastructure. Policy & Compliance: Interpret and apply relevant government cybersecurity policies, regulations, and guidelines to ensure program compliance. Incident Response Support: Provide security expertise and support during security incidents, contributing to containment, eradication, and recovery efforts. Continuous Monitoring: Support ongoing continuous monitoring activities to maintain the security posture of deployed applications and systems. Collaboration & Communication: Work closely with development teams, system administrators, program managers, and government security stakeholders to foster a strong security culture and ensure effective communication of security requirements and risks. Required Qualifications: Active Top Secret/SCI with CI Polygraph Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field. 8 years of experience as an Information Systems Security Engineer (ISSE) or similar role, with a focus on web application security. Demonstrated experience with the Risk Management Framework (RMF). Experience with secure software development best practices, including static and dynamic application security testing (SAST/DAST) tools. Proficiency in identifying and mitigating common web application vulnerabilities (e.g., OWASP Top 10). Understanding of cross-domain solutions and secure data transfer mechanisms between different security enclaves. Experience in vulnerability scanning tools (e.g., Nessus, ACAS) and Security Technical Implementation Guides (STIGs). Strong analytical and problem-solving skills, with the ability to identify and address complex security challenges. Excellent written and verbal communication skills, capable of translating technical requirements and risks to diverse audiences. Relevant cybersecurity certification (e.g., CISSP, CASP+, CEH, Security+). Preferred Qualifications: Familiarity with agile development methodologies. Experience in a government or defense contracting environment. Advanced degree in a cybersecurity-related field. Nice to Have: Technical experience in software development, information technology, networking, or related field Experience working in an agile environment with an agile team Intelligence Community experience We offer: Corporate partner, industry training. Peer groups. Paid certifications. Education reimbursement. Hackathons! and much more... Maxar Technologies values diversity in the workplace and is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.