Information Systems Security Engineer

Description

SAIC is seeking a highly motivated, detail-oriented, and experienced Information Systems Security Engineer (ISSE) to join our lead systems integrator team in Arlington, Virginia. The ISSE will be responsible for designing and engineering secure, cloud ready platforms, implementing Zero Trust-aligned controls, automating cyber platform configuration/compliance, integrating detection and response (SOAR), and building guardrails that ensure confidentiality, integrity, and availability for mission systems. The ISSE will implement and continually harden the cybersecurity posture of classified information systems in support of the Department of the Air Force's (DAF) Cloud Base Command and Control (CBC2) Program.

The ideal candidate brings a strong systems and security engineering background (Linux/Windows, containers/Kubernetes, networking, identity, and cloud), experience architecting security patterns and automating enforcement (Terraform/Ansible, Python/PowerShell/Bash), and a practical understanding of how engineering enables ATO readiness in high tempo environments. The successful candidate will have excellent communication, organizational, and problem solving skills and will be expected to balance and adjust work priorities to meet short deadlines.

The position is on-site in Arlington, VA.

Key Types of Responsibilities

• Design and implement security architectures and platform guardrails for mission systems across compute, network, identity, and data planes (on prem, cloud, and hybrid), aligned to Zero Trust principles (segmentation, strong identity, least privilege, continuous verification).

• Engineer platform hardening and baselines for Linux/Windows hosts, container/Kubernetes clusters, and cloud services; automate configuration and drift detection via Infrastructure as Code (IaC) (e.g., Terraform/Ansible) and policy as code (e.g., OPA/Conftest).

• Implement and validate STIG/SRG requirements through automated checks and CI/CD gates; integrate results into pipelines to prevent configuration regressions.

• Develop Security Test Procedures (STPs) and automated security tests (SAST/DAST/SCA) in CI/CD; support assessment & authorization by producing technical evidence from engineering telemetry rather than manual artifact creation.

• Build detection and response integrations (e.g., EDR, IDS/IPS, cloud threat detection, log pipelines) and tune signals with engineering teams to reduce noise and accelerate incident triage.

• Conduct risk and vulnerability assessments focused on exploitability and blast radius; orchestrate scanning, exploit repro where appropriate, and engineer remediations that are scalable and repeatable.

• Collaborate with ISSMs, platform engineers, and mission owners to address risk through architecture choices (segmentation, mTLS, key/secret management, token based auth), bringing systems to ATO readiness and maintaining posture throughout the lifecycle.

• Engineer identity and access controls (RBAC/ABAC, OAuth2/OIDC, SAML, SCIM) across applications and clusters; enforce least privilege and just in time access with automated provisioning.

• Establish telemetry and compliance automation (e.g., CSPM/KSPM/CNAPP tools, configuration baselines, drift alerts) to monitor systems for evolving threats and misconfigurations.

• Synchronize inspections, tests, and reviews with affected parties; drive technical fixes into backlogs and pipelines to ensure enduring compliance and resilience.

• Read and interpret dataflow, network, and other developmental diagrams; produce architecture decision records (ADRs) and concise engineering documentation.

• Write and utilize documentation that translates complex security engineering into repeatable patterns for developers and operators.

Qualifications

Desired Skills/Experience:

• Current certification such as CASP+, CCNP Security, CISSP, CISA, CCSP (or equivalent).

• Hands on engineering experience with: host and container hardening; Kubernetes security (RBAC/NetworkPolicies, PodSecurity, image signing); cloud platform security (AWS/Azure/GCP IAM and network controls); and security tools such as encryption technologies, intrusion detection/prevention, EDR, and penetration testing frameworks.

• Moderate scripting proficiency to automate configuration, compliance checks, and data handling (e.g., Python, PowerShell, Bash).

• Experience working with cross functional engineering and security teams in classified environments, delivering secure platforms under tight timelines.

• Ability to communicate effectively with multiple stakeholders, translating risk into engineering actions and measurable outcomes.

• Bachelor's Degree in Computer Science, Software Engineering, or IT Engineering.

• 9 years of experience in Cybersecurity (with emphasis on security engineering, architecture, and platform hardening).

• Active Secret clearance with the ability to obtain TS/SCI

REQNUMBER: 2613796

SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability