Information Systems Security Engineer

Overview Employment in this role is conditional upon successful execution of the contract by the client. The Work The Information Systems Security Engineer (ISSE) is responsible for the security engineering, implementation, and continuous monitoring of information systems in compliance with federal regulations, agency policies, and industry best practices. The ISSE provides subject matter expertise in all aspects of system security architecture, controls implementation, risk assessment, and accreditation processes, ensuring the confidentiality, integrity, and availability of IT assets. Responsibilities Key Responsibilities Perform Information Systems Security Engineer duties consistent with the labor category and required RMF experience. Support security architecture and security engineering activities aligned to DCWF work roles (Security Architect; Information Systems Security Developer; Cyber Defense Infrastructure Support Specialist). Support security control assessment and ISSM coordination activities aligned to DCWF work roles (Security Control Assessor; Information Systems Security Manager). Maintain and apply required IAT/M certification level (II or III) within the scope of assigned duties. Stay up to date on emerging technologies, exploits, vulnerabilities, and hacker techniques and provide briefings and reports to leadership. Train staff on, and oversee the use of, information security standards, policies, and best practices while performing duties outlined in national standards including, but not limited to: CNSSI 4009, NIST 800-37, and NIST 800-160. Understand system engineering and cybersecurity concepts and methodologies at the professional level with knowledge equivalent to: Certified Information Systems Security Professional, Cisco Certified Network Professional, VMWare Certified Professional, or similar certifications. Create, draft, and maintain Security Assessment and Authorization packages along with assisting and consulting in the development of information security procedures. Provide artifacts for RMF packages including, but not limited to: Security Plans, Security Assessment Reports, Security Controls Traceability Matrix, and Plan of Action and Milestones. Ensure systems comply with Cybersecurity and Information Assurance and Cybersecurity standards and best practices including, but not limited to: Endpoints, Switches, Routers, Firewalls, and Servers. Assist and consult in technical management including, but not limited to: Business/Mission Analysis, System Requirements Definitions, System Architecture, Defense in Depth, Zero Trust, Domain Separation, and Disaster Recovery. Assist/consult in technical processes including, but not limited to: Project Planning, Configuration Management, Risk Management, and Information Management. Ensure proper implementation of technical security controls and measures including, but not limited to: STIGs, AAA, VPN, Public Key Infrastructure (PKI), Identity, Credential, and Access Management (ICAM), and Security Patches. Ensure all systems are properly logging events to include but not limited to: the Security Incident and Event Monitor (SIEM) used for live monitoring and alerts. Perform system audits, vulnerability scans, and threat assessments on all networks including, but not limited to: System Analysis/Forensics and Anomaly Detection. Perform incident response activities and conduct investigations of information security breaches to identify vulnerabilities and evaluate the damage including, but not limited to: Provide Intelligence, Provide Reports and Malware. Other duties as assigned. Qualifications Qualifications – Here’s What You Need The qualifications and skills listed below are intended to provide a general overview of the requirements for this position. However, due to the anticipated nature of the contract and the absence of a finalized task order from the client, this list should not be considered all-encompassing. Additional qualifications, certifications, skills, or experience specific to the client’s requirements may be identified and requested upon award of the task order. Candidates should demonstrate flexibility and a willingness to adapt to evolving responsibilities as outlined by the client. Information Systems, Security Engineer Journeyman: Associate’s degree (STEM, field) or approved equivalent experience. IAT/M Level II. 2 years’ risk management framework experience within the last 5 years. Active Top Secret Security Clearance is required. Information Systems, Security Engineer Senior: Master’s degree (STEM field) or approved equivalent experience. IAT/M Level III. 6 years’ risk management framework experience within the last 8 years. Active Top Secret Security Clearance is required. Minimum Skills: Exceptional interpersonal skills with the ability to communicate in a clear, professional, and articulate manner. Exceptional verbal and written communication skills. Excellent organizational, analytical, and problem-solving skills with high-level attention to detail. Ability to analyze systems and procedures. Strong multitasking skills with the ability to manage multiple design streams across concurrent work effort. Must be self-motivated and able to work well independently as well as on a multi-functional team. Ability to handle sensitive and confidential information appropriately. Our Commitment to you / overview of benefits Medical, Dental and Vision Insurance; Wellness Program. Flexible Spending Accounts (Healthcare, Dependent Care, Commuter). Short-Term and Long-Term Disability options. Basic Life and AD&D Insurance (Company Provided). Voluntary Life and AD&D options. 401(k) Retirement Savings Plan with matching after one year. Paid Time Off. Reports to: Managing Director Working Conditions Professional office environment, with the ability to work onsite in the main office. Work may require periods of sitting, standing, walking, lifting, and carrying equipment weighing up to 40 pounds. Manual dexterity is required for handling small components. Must be physically and mentally able to perform duties extended periods of time. Ability to use a computer and other office productivity tools with sufficient speed to meet the demands of this position. Must be able to establish a productive and professional workspace. Must be able to sit for long periods of time looking at computer screen. May be asked to work a flexible schedule which may include holidays. May be asked to travel for business or professional development purposes. May be asked to work hours outside of normal business hours. Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Cayuse is an Equal Opportunity Employer. All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law. Pay Range USD $0.00 - USD $0.00 /Yr. #J-18808-Ljbffr