Information Systems Security Engineer (ISSE)

Overview Job Title: Information Systems Security Engineer (ISSE) Location: Annapolis Junction, MD Eligibility: Candidate must possess an active TS/SCI with Full Scope Polygraph clearance What You’ll Bring A solid understanding of security practices and policies, plus hands-on vulnerability testing experience. Prior experience with classified IC dissemination platforms, IC information sharing rules, and IC markings standards is expected. About the Team You will join a high-performing team of Security Engineers supporting a large, significant program. The team focuses on improving system security architecture and strengthening cybersecurity capabilities across operational, test, integration, and development systems while solving complex, mission-critical issues. About the Environment This is a fast-paced, technically complex program supported by robust development, test, and production environments. The work involves systems with exacting interface, performance, and security requirements, including support for cross-domain capabilities and Security Verification Testing (SVT) of relevant Type 1 devices. About Our Practices The program executes using Agile practices aligned to the Scaled Agile Framework (SAFe) and follows DevOps best practices. Security execution is driven by the Risk Management Framework (RMF), including management of multiple System Security Plans (SSPs) across development, test, and production systems. The role also operates within classified Intelligence Community (IC) environments and requires familiarity with IC information sharing rules and the Intelligence Community Markings System Register and Manual standards. Summary of What You’ll Do Support the introduction of new capabilities into a complex system with stringent interface, performance, and security requirements Enhance system security architecture and cybersecurity capabilities across multiple environments (operational, test, integration, and development) Manage RMF-aligned SSPs for development, test, and production systems Manage and support cross-domain capabilities Support SVT activities for relevant Type 1 devices Perform hands-on vulnerability testing and contribute to day-to-day security engineering efforts across a wide range of activities Responsibilities Define and validate security requirements and establish security architecture and designs for large-scale, geographically distributed systems and interfacing components within a complex network environment. Ensure end-to-end implementation alignment by working closely with Systems Engineering, Test Engineering, and Integration teams so hardware and software architecture and implementations meet security requirements. Design and implement security architectures and enterprise security solutions to ensure consistent application of security policy across the environment. Recommend and develop security standards and technical solutions aligned to current and target security architecture. Assess threats, risks, and operational security posture throughout the system lifecycle, including evaluating the impact of new development and recommending and implementing enhancements. Lead and contribute to security governance activities including security planning, assessment, risk analysis, risk management, certification support, awareness activities, security control assessment, and continuous monitoring and other IA program support functions. Evaluate, review, and test critical software and identify and remediate security issues across the system. Audit and assess security configurations using common methodologies and tools, and provide configuration management for security-relevant software and system components. Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies across distributed components. Serve as a security architecture SME, collaborating daily with internal technical experts and providing guidance to Program Managers, customer technical POCs, and internal teams on significant security issues. Enable secure development practices by working with development teams to improve understanding of vulnerabilities, attack vectors, and remediation approaches. Participate in SAFe activities, including Program Increment (PI) Planning and related Agile ceremonies. Plan and conduct Security Verification Testing (SVT) for relevant Type 1 devices. Required Qualifications You must already have an active TS/SCI with a full scope polygraph. No exceptions and no sponsorship available 15 years of relevant experience AND a Master’s degree in related discipline (e.g. Computer Science, Cyber Security, Information Assurance, Information Security System Engineering). Additional experience may be substituted for a degree. Strong understanding of security practices and policies, including hands-on vulnerability testing using customer tools. Proven experience applying the Risk Management Framework (RMF) Experience formulating, evaluating, and enforcing IT security policies Working knowledge of industry-standard security tools (Nessus, Nmap, Wireshark), plus practical experience with hardware and software security implementations, network and communication protocols, encryption tools and techniques, web services security, and hardening of desktop and server operating systems Ability to work across multiple systems and components at the same time in a variety of configurations Strong written and verbal communication skills Commitment to best practices and process discipline Ability to plan and prioritize work, clearly explaining technical options and trade-offs Ability to produce high-quality results independently and as part of a team in a fast-moving environment Preferred Qualifications DoD 8570 compliant with IASAE Level II or Level III Information Systems Security Engineering Professional (ISSEP) Certified Information Systems Security Professional (CISSP) Five (5) years of experience applying Defense-in-Depth principles and technologies, including access control, authorization, Identification and Authentication, PKI, network and enterprise security architecture Experience applying risk assessment methodologies to system development Experience developing/implementing integrated security services management processes, e.g. assessment and audit support for network penetration testing, antivirus planning, risk analysis, incident response Experience providing information-assurance support for application development, including system security certifications and project evaluations for firewall solutions Experience with penetration testing tools Experience with scripting languages Highly Preferred: background in Analytical Methods and Modeling, Signals Intelligence (SIGINT), and Cryptographic Key Management will receive special consideration Start Date: Immediate start upon clearance crossover. Positions are available now and will be offered to the best qualified candidates on a first-come, first-served basis. #J-18808-Ljbffr Arena Technical Resources, LLC (ATR)