Gilder Search Group
Information Systems Security Engineer (ISSE)
Gilder Search Group, Virginia, Minnesota, United States, 55792
Information Systems Security Engineer (ISSE)
Open Systems Technologies Corporation is looking for an Information Systems Security Engineer to join our team supporting the Department of Justice.ResponsibilitiesSenior level capabilities regarding Information system security. Knowledgeable of current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture.Develops compliance and standardization within the Government’s policies regarding various information systems.Work closely with Government customers to ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs; infrastructure; application; Security Assessment and Authorization (SAA), IA policy directives (PD) and guides (PG); and IA Security tools (e.g., Tenable.io, Nessus Pro, NMap, etc.).The ISSE shall:Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel.Prepare documentation from templates such as, but not limited to, Configuration Management Plan (CMP), Incident Response Plan (IRP).Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution.Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigate, or apply for an exception via the POA&M processes.Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred).Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture(s) and applicable Federal and PD and PG compliance requirements; document decisions within the CMP.Coordinate security incident and high priority compliance responses with the Enterprise Security Operations Center (ESOC).Represent program security interests in various meetings within and outside of the program.Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M.Coordinate with other system Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary.Ability to assess current and evolving security threats in an operational environment.Required Skills:Clearance:
Top Secret clearance is required; TS/SCI w CI Poly clearance is preferred.Bachelor of Science (B.S.) Degree in Computer Security or related field of study, or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position.Ten (10) years of experience performing security requirement analysis, system design, of computer systems.(ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.).Working Experience: Splunk and Tenable, reading technical and network diagrams, data flows, creating workflows.Authorizations Experience: Experience with the process of obtaining and maintaining Authorization to Operate (ATO) is preferred.Subject Matter Expertise: Demonstrated expertise in information systems security, with a strong technical background and a comprehensive understanding of security protocols and practices.Advanced knowledge beyond operations and maintenance, including a solid background in network security and familiarity with technical aspects such as basic coding and scripting.Ability to think fluidly and adapt to evolving technical challenges, with a proactive approach to learning and problem-solving.Proven experience in working collaboratively within a team environment, contributing to collective goals and initiatives.Demonstrated dedication and investment in the responsibilities and growth associated with the role.Preferred Skills:Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.).One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred).Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions.Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles; and Knowledge of SPLUNK software and tools.Benefits:Our company OST has been operating since 1996 and has various contracts with Government agencies. We offer a comprehensive benefit package that includes 3 weeks paid time off, 11 Paid Holidays, medical/dental coverage, STD, LTD, Life Insurance, AD&D, 401k with up to 4% match, and end of year profit sharing paid out in 401k.
#J-18808-Ljbffr
Open Systems Technologies Corporation is looking for an Information Systems Security Engineer to join our team supporting the Department of Justice.ResponsibilitiesSenior level capabilities regarding Information system security. Knowledgeable of current Information Assurance (IA) technologies to the architecture, design, development, evaluation, and integration of applications, systems, and networks to maintain the system security posture.Develops compliance and standardization within the Government’s policies regarding various information systems.Work closely with Government customers to ensure the confidentiality, integrity, and availability of systems, applications, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs; infrastructure; application; Security Assessment and Authorization (SAA), IA policy directives (PD) and guides (PG); and IA Security tools (e.g., Tenable.io, Nessus Pro, NMap, etc.).The ISSE shall:Have excellent verbal and written communication skills to be able to accurately relate requirements and document all within the appropriate security document and/or within the RMF system and coordinate with program, other system(s), and security personnel.Prepare documentation from templates such as, but not limited to, Configuration Management Plan (CMP), Incident Response Plan (IRP).Must be able to discern the program policies and procedures, identify areas that need work and bring up to management for resolution.Identify IA vulnerabilities and coordinate with the Infrastructure and Development teams to correct, mitigate, or apply for an exception via the POA&M processes.Review vulnerability (i.e., patches, updates, etc.) and compliance (i.e., Security Content Automation Protocol (SCAP) and/or Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) scans on the infrastructure and applications to ensure patch and configuration compliance (on-premises and in the cloud (AWS preferred).Prepare SAA package(s) to obtain and maintain an authority-to-operate (ATO), authority-to-test (ATT), or other SAA authority types for all systems and applications.Attend Configuration Control Board (CCB) meetings and review all change requests for impact to the system/application security posture(s) and applicable Federal and PD and PG compliance requirements; document decisions within the CMP.Coordinate security incident and high priority compliance responses with the Enterprise Security Operations Center (ESOC).Represent program security interests in various meetings within and outside of the program.Schedule and conduct meetings with pertinent program personnel to address findings to determine appropriate path forward and document within the CMP and, if necessary, POA&M.Coordinate with other system Information System Security Officers (ISSO) to ensure that their requirements for interconnection, policy and procedures are met and all documentation is provided and updated as necessary.Ability to assess current and evolving security threats in an operational environment.Required Skills:Clearance:
Top Secret clearance is required; TS/SCI w CI Poly clearance is preferred.Bachelor of Science (B.S.) Degree in Computer Security or related field of study, or in lieu of education, an additional five (5) years of relevant experience that addresses all requirements of the position.Ten (10) years of experience performing security requirement analysis, system design, of computer systems.(ISC)2 Information Security Certification(s) (e.g., CISSP, CAP, etc.).Working Experience: Splunk and Tenable, reading technical and network diagrams, data flows, creating workflows.Authorizations Experience: Experience with the process of obtaining and maintaining Authorization to Operate (ATO) is preferred.Subject Matter Expertise: Demonstrated expertise in information systems security, with a strong technical background and a comprehensive understanding of security protocols and practices.Advanced knowledge beyond operations and maintenance, including a solid background in network security and familiarity with technical aspects such as basic coding and scripting.Ability to think fluidly and adapt to evolving technical challenges, with a proactive approach to learning and problem-solving.Proven experience in working collaboratively within a team environment, contributing to collective goals and initiatives.Demonstrated dedication and investment in the responsibilities and growth associated with the role.Preferred Skills:Experience in a cyber-risk and compliance management system (e.g., Xacta, RiskVision, etc.).One (1) year experience or more configuring, performing, scheduling, reviewing, and assessing vulnerability (i.e., patches, updates, etc.) and compliance (i.e., SCAP and/or DISA STIG) scans on the infrastructure and applications to ensure patch and configuration compliance on-premises and in the cloud (AWS preferred).Technical background that will assist in assessing the NIST SP 800-53 security controls and gather evidence to support conclusions.Knowledge of operating systems, network and application security to aid implementation of information security and assurance principles; and Knowledge of SPLUNK software and tools.Benefits:Our company OST has been operating since 1996 and has various contracts with Government agencies. We offer a comprehensive benefit package that includes 3 weeks paid time off, 11 Paid Holidays, medical/dental coverage, STD, LTD, Life Insurance, AD&D, 401k with up to 4% match, and end of year profit sharing paid out in 401k.
#J-18808-Ljbffr