OverviewVTG is seeking an Information Systems Security Engineer (ISSE) for a technical development program supporting cloud-based applications, and its associated cloud infrastructure located on a highly secure network. The ISSE will work with a large team of developers, system engineers, DevOps engineers, database administrators, and system architects.
What will you do? The ISSE will participate in the team's regularly scheduled Agile tag up (scrum) meetings and report on the status of their assigned Jira issues
Attend ad-hoc TEMs with the team to discuss and weigh in on numerous architectural aspects of the systems for assessing security impacts that may arise with system changes
Assist with and/or lead security scans of the systems and report and analyze findings for impacts
Review any security findings (CVEs) as noted by outside entities for system impact analysis and how best to proceed with addressing them
Participate in team TEMs and review future system changes/new features for security impacts
Primary Responsibilities
Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines
Participate in creating secure architectures and designs
Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements
Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts
Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
Performing vulnerability scanning and analysis of the system
Perform remediation and develop security implementations based on security findings
Interface with Information System Security Managers (ISSM) to develop and accredit the system
Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief management
Do you have what it takes?- Active TS/SCI with Polygraph
- Experience level: 6-10 years
Active TS/SCI with Polygraph
Typically requires a Bachelor of Science (BS) degree, or relevant demonstrable experience
Other qualifications:
o Hands on experience with Linux (CLI)
o Hands on experience with scripting and programming languages like BASH and Python
o Solid understanding of, experience with networking (e.g., ports, routing tables, subnets, VPNs, firewalls, routers, etc.) to include design, integration and troubleshooting issues
o Experience in working on teams utilizing Agile workflows and processes
o Strong understanding of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and Common Vulnerabilities and Exposures (CVEs)
o Experience with RMF workflow tools
o Strong communication, organizational, and writing skills
Must be able to clearly and directly articulate their findings and recommendations.
Must be open minded to considering alternative approaches to possible security issues noted by other team members
Never miss an opportunity! Create an alert based on the job you applied for.
