Systems & Technology Research
Information Systems Security Engineer (ISSE)
Systems & Technology Research, Arlington, Virginia, United States, 22201
Information Systems Security Engineer (ISSE)
Arlington, VAAbout the Team:The Security team at STR is comprised of highly skilled professionals who are responsible for maintaining compliance IAW with Government protocol and directives.The Classified Cybersecurity (CCS) team consists of a collaborative group of ISSM’s, ISSO’s, and ISSE’s who are passionate about national security that take great pride in maintaining confidentiality, integrity, and availability of our systems.The Role:STR has an exciting opportunity for an ISSE to function as a key contributor for classified programs Cybersecurity/Risk Management Framework (RMF) posture in accordance with government directives and program requirements.In this dynamic position you will interface and collaborate with other Cybersecurity professionals (ISSM’s, ISSO’s), Security professionals (CPSO’s, FSO’s), and System Administrators, on overall compliance and configuration change management.Please note…this is not a remote and/or hybrid role and requires you to be onsite.Responsibilities:Conduct both vulnerability and compliance scans of Information SystemsSupport the development of Risk Management Framework (RMF) documentation and control validation testing for Authority to Operate (ATO) accreditationsSupport the development of cybersecurity requirements, design, and architectureImplement Information Assurance and Information Security protections and requirements in program development and execution environmentsImplement required security controls of networking devices, databases, operating systems, and hardware and software componentsReview/manage various IA Vulnerability Alerts (IAVA) (i.e., US-CERT, etc.) and overall remediationAssist ISSM’s and ISSO’s in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilitiesConduct reviews/technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functionalSupport completion of Continuous Monitoring requirements IAW RMF and NIST SP800-53 requirementsPerform other tasks as assigned by managerWho you Are:This position requires an active Top Secret security clearance, with the ability to obtain an SAP and SCI access for which U.S. citizenship is needed by U.S. GovernmentTwo (2) to Five (5) years of technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, development, and implementationDoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months upon being hiredExperience with NIST SP800-53 control implementation and assessmentFamiliarity with the DCSA Authorization and Assessment Process Manual (DAAPM) and the Joint Special Access Implementation Guide (JSIG)Experience with configuration/certification and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networksExperience with managing and implementing DISA STIGs and benchmarks in a variety of operations systems (Windows, Linux, Ubuntu)Experience with various IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)Experience with maintaining/managing Security Incident and Event Management (SIEM) and centralized auditing tools (i.e., Splunk, PowerStrux)Familiarity with Microsoft Deployment Toolkit (MDT)Support hardening of new builds of Information Systems (IS) and ensure full functionality before deploymentFamiliarity with Windows and/or Linux scriptingMcAfee/Trellix ePO administration, to include familiarity with DLP componentsDetail oriented and self-motivatedAbility to effectively prioritize multiple projectsAbility to work with people in a team environment and deal effectively with changing project prioritiesSTR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.
#J-18808-Ljbffr
Arlington, VAAbout the Team:The Security team at STR is comprised of highly skilled professionals who are responsible for maintaining compliance IAW with Government protocol and directives.The Classified Cybersecurity (CCS) team consists of a collaborative group of ISSM’s, ISSO’s, and ISSE’s who are passionate about national security that take great pride in maintaining confidentiality, integrity, and availability of our systems.The Role:STR has an exciting opportunity for an ISSE to function as a key contributor for classified programs Cybersecurity/Risk Management Framework (RMF) posture in accordance with government directives and program requirements.In this dynamic position you will interface and collaborate with other Cybersecurity professionals (ISSM’s, ISSO’s), Security professionals (CPSO’s, FSO’s), and System Administrators, on overall compliance and configuration change management.Please note…this is not a remote and/or hybrid role and requires you to be onsite.Responsibilities:Conduct both vulnerability and compliance scans of Information SystemsSupport the development of Risk Management Framework (RMF) documentation and control validation testing for Authority to Operate (ATO) accreditationsSupport the development of cybersecurity requirements, design, and architectureImplement Information Assurance and Information Security protections and requirements in program development and execution environmentsImplement required security controls of networking devices, databases, operating systems, and hardware and software componentsReview/manage various IA Vulnerability Alerts (IAVA) (i.e., US-CERT, etc.) and overall remediationAssist ISSM’s and ISSO’s in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilitiesConduct reviews/technical inspections to identify and mitigate potential security weaknesses and ensure that all security features applied to a system are implemented and functionalSupport completion of Continuous Monitoring requirements IAW RMF and NIST SP800-53 requirementsPerform other tasks as assigned by managerWho you Are:This position requires an active Top Secret security clearance, with the ability to obtain an SAP and SCI access for which U.S. citizenship is needed by U.S. GovernmentTwo (2) to Five (5) years of technical (hands-on) experience related to Information Assurance/Cyber Engineering requirements, development, and implementationDoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months upon being hiredExperience with NIST SP800-53 control implementation and assessmentFamiliarity with the DCSA Authorization and Assessment Process Manual (DAAPM) and the Joint Special Access Implementation Guide (JSIG)Experience with configuration/certification and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networksExperience with managing and implementing DISA STIGs and benchmarks in a variety of operations systems (Windows, Linux, Ubuntu)Experience with various IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)Experience with maintaining/managing Security Incident and Event Management (SIEM) and centralized auditing tools (i.e., Splunk, PowerStrux)Familiarity with Microsoft Deployment Toolkit (MDT)Support hardening of new builds of Information Systems (IS) and ensure full functionality before deploymentFamiliarity with Windows and/or Linux scriptingMcAfee/Trellix ePO administration, to include familiarity with DLP componentsDetail oriented and self-motivatedAbility to effectively prioritize multiple projectsAbility to work with people in a team environment and deal effectively with changing project prioritiesSTR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.
#J-18808-Ljbffr