Overview
On Site
USD 190,000.00 - 200,000.00 per year
Full Time
Skills
Information System Security
ISSE
Security Clearance
Continuous Integration
Computer Science
Security Engineering
Systems Engineering
Systems Architecture
FISMA
FedRAMP
STIG
OWASP
Microsoft
Octave
D3.js
ATLAS
System Security
Information Assurance
Cyber Security
LAN
WAN
Wireless Communication
Cellular
Hypervisor
Microsoft Windows
Linux
OS X
SQL
NoSQL
Web Servers
IPS
FIPS
Cryptography
ICAM
NIST SP 800 Series
CNSS
SAML
OIDC
OAuth
Mobile Development
Mobile Applications
Mobile Device Management
Master Data Management
IOS Development
Android
Security Controls
Regulatory Compliance
Real-time
RTOS
Robotics
Information Security
Risk Assessment
Risk Management
Database
Cloud Security
Identity Management
Configuration Management
Cloud Computing
Web Applications
Firewall
WAF
Encryption
Algorithms
Management
Security QA
Penetration Testing
Vulnerability Assessment
Code Review
Auditing
Incident Management
Recovery
Operating Systems
Programming Languages
Information Systems
CISSP
SAP BASIS
Law
FOCUS
Job Details
Job Description
ECS is seeking a Senior Information System Security Engineer to work in our Washington, DC office.
An Information Systems Security Engineer (ISSE) is responsible for designing, implementing, and maintaining security measures to protect an organization's information systems and data assets from cybersecurity threats and vulnerabilities. Work closely with IT teams, management, and other stakeholders to ensure the confidentiality, integrity, and availability of sensitive information and critical infrastructure.
Salary Range: $190,000 - $200,000
General Description of Benefits
Required Skills
- Must have a current Top-Secret Clearance with the capability of obtaining SCI / CI-Poly if needed to meet contract requirements
- Bachelor's Degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required
- 10+ years of IT related experience
- Expert technical knowledge in security engineering and IT systems engineering.
- Review system architecture to evaluate alignment with:
  - FISMA, Executive Orders, National Manager Memos, and FedRAMP
  - Required NIST SP 800-53 Rev. 5 or CNSSI 1253 (if NSS)
  - DISA STIGs & STGs, CIS benchmarks, OWASP Top 10, ASVS, MASVS, and vendor recommended standards
- Conduct targeted comprehensive threat and risk assessments using:
  - NIST SP 800-30, Microsoft STRIDE, DREAD, Fishbone (Ishikawa) Analysis, OCTAVE, P.A.S.T.A., MITRE ATT&CK, D3FEND, SHIELD, and ATLAS frameworks
- Apply secure design principles when recommending remediation and mitigation approaches from:
  - NIST SP 800-160 Vol. 1 & 2 (Systems Security Engineering)
  - NSA Information Assurance Technical Framework (IATF)
- Evaluate system-level, system of systems, and enterprise-level cybersecurity posture across:
  - Networks (LAN/WAN/wireless/cellular)
  - Hypervisors, containers, orchestrators, cloud
  - Operating Systems (Windows, Linux, macOS)
  - Application logic and APIs
  - Databases (SQL/NoSQL)
  - Web servers and web logic
  - Firewalls and IPS
- Evaluate cross domain solutions for compliance with the National Cross Domain Strategy and Management Office (NCDSMO) Raise the Bar (RTB) standards
- Evaluate cryptographic implementations and ensure compliance with:
  - FIPS 140-3
  - NIST SP 800-56, 57, 131A, and related series
  - Post-quantum cryptography requirements (NIST and NSA)
- Assess Identity, Credential, and Access Management (ICAM) solutions:
  - Aligning with NIST 800-63 IAL/AAL/FAL levels
  - Support for PIV/CNSS cards, SAML, OIDC, OAuth2
- Assess secure mobile development and deployment:
  - Secure mobile applications, MDM/MAM platforms
  - Address mobile OS-specific threats (iOS, Android)
- Interpret and provide remediation or mitigation strategies based on:
  - Penetration testing results and associated POA&Ms
  - Security control assessments
  - Vulnerability and compliance scans
- Leverage programming language to review static and dynamic code analysis and provide remediation or mitigation recommendations
- Support mission assurance and security of Operational Technology (OT) systems
  - Including real-time operating systems (RTOS) and low-latency requirements
  - Building automation systems, robotics, drones, and scientific machines
Desired Skills
- Deep understanding of information security principles, concepts, and best practices.
- Ability to conduct comprehensive risk assessments, identify vulnerabilities, assess threats, and develop risk mitigation strategies.
- Proficiency in designing secure and resilient information systems architectures, including networks, applications, databases, and cloud environments.
- Researched and evaluated emerging security trends and issues to assist customers in improving the security posture of the organization.
- Understanding of cloud security concepts, architectures, and best practices, including identity and access management, data encryption, and secure configuration management in cloud environments.
- Researched web application firewall (WAF) technology limitations and advised development teams on remediation of vulnerabilities not covered by WAF security policies.
- Knowledge of encryption algorithms, cryptographic protocols, and key management principles to protect data at rest, in transit, and in use.
- Proficiency in security testing methodologies, including penetration testing, vulnerability assessment, code review, and security audits.
- Ability to develop and implement incident response plans and procedures, including detection, analysis, containment, eradication, and recovery from security incidents.
- A deep understanding of enterprise operating systems.
- Knowledge of programming languages and tools.
- Certified Information Systems Security Professional (CISSP)
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.