Information System Security Engineer (ISSE)

  • Mechanicsburg, PA
  • Posted 22 days ago | Updated moments ago

Overview

On Site
BASED ON EXPERIENCE
Full Time
Contract - W2
Contract - Independent

Skills

Information system security
Information security management
NIST SP 800 Series
Risk management framework
Attention to detail
DoD
Certification and accreditation
Project delivery
Business systems
IT security
Information systems
Security controls
Risk assessment
Change control
Cyber security
Incident management
Business continuity planning
Disaster recovery
Technical writing
Problem solving
Intrusion detection
Vulnerability assessment
Information assurance
Risk analysis
Computer science
Information security
ISSE
SANS
JD
Authorization
Documentation
PMO
Operations
Editing
Management
FISMA
FIPS
National Institute of Standards and Technology
Publications
Auditing
Testing
RMF
Reporting
Communication
eMASS
Firewall
Impact analysis
DIACAP
Governance
Regulatory Compliance
CompTIA
CISM
CISSP
Leadership
GSLC

Job Details

Information System Security Engineer (ISSE)
Location - Mechanicsburg, Pennsylvania (Remote)
Department - Project Delivery - Federal
FTE
Responsibilities:
  • Review, analyze, and evaluate business systems and user needs, specifically regarding Authorization and Accreditation (A&A) (security requirements and documentation support) for the Navy, Plans of Action and Milestones (POA&Ms), and documentation support.
  • Interact daily with the PMO, Operations, and IT Security teams to address the needs of A&A and POA&M remediation.
  • Write, edit, and/or manage a wide range of IT Security documentation and be familiar with federal IT standards such as the Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), NIST Special Publications (SPs), and NIST SP 800-37 Rev 1 (Guide for Applying the Risk Management Framework to Federal Information Systems: Security Life Cycle Approach).
  • Perform internal audits of the systems before third-party audits.
  • Participate in security control implementation, testing efforts, and vulnerability-level risk assessments.
  • Assist in mitigating and closing open vulnerabilities under the system's change control process.
  • Play a role in reviewing and updating RMF Cyber Security documentation.
  • Perform other related duties as assigned.
  • Ensure plans and channels are in place for incident response, business continuity, disaster recovery, and vulnerability and threat reporting.


Required Skills/Abilities:
  • Must demonstrate:
    • Excellent verbal and written communication skills.
    • Strong technical writing skills.
    • Excellent problem-solving skills.
    • Attention to detail and accuracy.
    • Ability to work independently and in a team environment.
    • A thorough understanding and knowledge of the RMF process IAW the Navy RMF Process Guide.
  • Must have experience working with the following:
    • Enterprise Mission Assurance Support Service (eMASS)
    • Security technologies such as firewalls, intrusion detection and prevention systems, and vulnerability assessment tools.
    • IA tools and scanners used to evaluate the security posture of the system/enclave.

Required Experience:
  • Must have at least 3 years of experience following the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and/or RMF (RMF is preferred):
    • Experience in RMF testing of all CS requirements and analysis required to complete an RMF package document for submittal and approval.
    • Experience performing vulnerability risk analysis on the deficiencies found during RMF testing.
  • Experience with IA tools and scanners used to evaluate the security posture of the system/enclave.

Education Level:
  • A degree in Computer Science is preferred but not required.

Required Certifications:
  • Must have one of the following:
    • Current Certified in Governance, Risk, and Compliance (CGRC)
    • Current CompTIA Advanced Security Practitioner (CASP+)
    • Current Certified Information Security Manager (CISM)
    • Current Certified Information Systems Security Professional (CISSP)
    • Current GIAC Security Leadership (GSLC)
    • Current Certified Chief Information Security Officer (CCISO)

About My IT LLC