Information System Security Engineer

Washington, DC, US • Posted 4 hours ago • Updated 4 hours ago
Full Time
On-site
USD $113,000.00 - 188,000.00 per year
Job Details

Skills

  • Information System Security
  • Microsoft Azure
  • VMware Infrastructure
  • Security Analysis
  • Continuous Monitoring
  • NIST SP 800 Series
  • Real-time
  • Mapping
  • Load Balancing
  • DNS
  • Dragon NaturallySpeaking
  • Encryption
  • Technical Analysis
  • Bridging
  • Network
  • Documentation
  • Mentorship
  • System On A Chip
  • Risk Management
  • Translation
  • Leadership
  • Collaboration
  • DoD
  • Onboarding
  • Management
  • Risk Management Framework
  • RMF
  • FedRAMP
  • Authorization
  • System Security
  • Migration
  • VMware vSphere
  • Cloud Computing
  • Virtual Private Cloud
  • Network Security
  • Firewall
  • IDS
  • IPS
  • Vulnerability Management
  • Qualys
  • SIEM
  • Dynatrace
  • Splunk
  • F5
  • Identity Management
  • CISSP
  • Information Systems
  • Cisco Certifications
  • Cloud Security
  • Amazon Web Services
  • CISM
  • Information Security
  • CompTIA
  • Adobe ColdFusion
  • .NET
  • Legacy Systems
  • Oracle
  • Database Security
  • Hardening
  • SAP GRC
  • EMC RSA Archer
  • XACTA
  • eMASS
  • CISA
  • Regulatory Compliance
  • Cyber Security
  • Policies and Procedures
  • Auditing
  • FISMA
  • Acquisition
  • Security Clearance
  • Training
  • Insurance
  • Personal Development
  • Community Development
  • SAP BASIS
  • Law
  • LOS
  • Communication
  • Banking
  • Reporting
  • Recruiting

Summary

Job Family:
Cyber Consulting

Travel Required:
Up to 10%

Clearance Required:
Ability to Obtain Public Trust

What You Will Do:
  • System Boundary Analysis: Define and maintain system security boundaries across hybrid cloud and on-premises environments, including AWS & Azure CSPs, VMware infrastructure, and legacy datacenter assets.
  • Authorization Package Development: Author and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related NIST RMF artifacts for all OCIO-managed systems.
  • Continuous Monitoring: Implement and oversee continuous ATO processes aligned with NIST SP 800-137 and OSCAL-based automation, ensuring real-time visibility into system posture.
  • Control Inheritance Mapping: Map technical controls across shared service environments, identifying common controls, system-specific controls, and hybrid inheritance relationships as systems migrate to cloud.
  • GRC Tool Administration: Manage the ingestion of infrastructure telemetry, vulnerability data, and configuration baselines into GRC platforms to automate compliance evidence collection.
  • Network Security Architecture: Evaluate and advise on network segmentation, firewall rules, TIC 3.0 compliance, F5 load balancer configurations, DNS security, and encrypted transit between enclaves and cloud environments.
  • Cloud Security Posture: Assess and harden CSP environments including VPC design, Security Groups, IAM policies, CloudTrail/GuardDuty integration, and encryption-at-rest/in-transit configurations.
  • Vulnerability Management: Collaborate with the SOC team and infrastructure teams to contextualize vulnerability findings from Tenable and similar tools, prioritizing remediation based on exploitability, exposure, and mission impact, not just CVSS scores.
  • Infrastructure Security Reviews: Conduct security assessments of proposed architecture changes, migration plans, and new technology deployments.
  • Incident Support: Provide senior-level technical analysis during security incidents, bridging the gap between SOC triage and executive risk communication.
  • ISSO Liaison: Work alongside ISSOs to translate technical system changes (network reconfigurations, cloud migrations, new integrations) into risk language and updated authorization documentation.
  • SOC Mentorship: Elevate the SOC team's understanding of governance context, helping analysts understand how their detection and response activities map to broader risk management and compliance objectives.
  • Technical Translation: Serve as the connective tissue between infrastructure engineers, application teams, ISSOs, and leadership, ensuring security decisions are informed by both technical facts and organizational risk tolerance.
  • Vendor Coordination: Engage with contractors and vendors on security requirements, ensuring deliverables meet federal security standards.

What You Will Need:
  • ship is required
  • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred
  • Minimum of SEVEN (7) years of progressive experience in cybersecurity engineering
  • Minimum of THREE (3) years of experience in a federal civilian or DoW IT environment with direct involvement in NIST RMF (SP 800-37), FedRAMP, or equivalent authorization processes.
  • Demonstrated experience defining or modifying system security boundaries in environments undergoing cloud migration or infrastructure modernization.
  • Hands-on experience with at least three of the following: VMware/vSphere administration, AWS cloud services (VPC, IAM, CloudTrail, GuardDuty), network security (firewalls, IDS/IPS, TIC architectures), vulnerability management platforms (Tenable, Qualys), SIEM/monitoring platforms (Dynatrace, Splunk, or equivalent), load balancers and application delivery controllers (F5, etc.), and enterprise identity and access management.
  • CISSP (Certified Information Systems Security Professional) - Active and in good standing AND at least one of the following:
    • CCSP (Certified Cloud Security Professional)
    • AWS Security Specialty Certification
    • CISM (Certified Information Security Manager)
    • CASP+ (CompTIA Advanced Security Practitioner)

What Would Be Nice To Have:

  • Experience with ColdFusion, .NET, and other legacy application environments and associated security considerations.
  • Familiarity with Oracle database security hardening and monitoring.
  • Experience with GRC platforms such as Archer, Xacta, eMASS, or RegScale.
  • Knowledge of CISA BOD compliance requirements, including BOD 22-01 (Known Exploited Vulnerabilities) and BOD 23-01 (asset visibility).
  • Experience developing or contributing to agency-level cybersecurity policies and procedures.
  • Prior experience supporting OIG audits or FISMA reporting requirements.
  • Familiarity with federal acquisition and contractor oversight from a security requirements perspective.
  • Public Trust Clearance or ability to obtain one

The annual salary range for this position is $113,000.00-$188,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:
  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Position may be eligible for a discretionary variable incentive bonus
  • Parental Leave and Adoption Assistance
  • 401(k) Retirement Plan
  • Basic Life & Supplemental Life
  • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
  • Short-Term & Long-Term Disability
  • Student Loan PayDown
  • Tuition Reimbursement, Personal Development & Learning Opportunities
  • Skills Development & Certifications
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Emergency Back-Up Childcare Program
  • Mobility Stipend

About Guidehouse

Guidehouse is an Equal Opportunity Employer-Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1- or via email at All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse's Ethics Hotline. If you want to check the validity of correspondence you have received, please contact Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant's dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: RTX155bfa
  • Position Id: ffce60b800139f097e44db52da709e4