Information Systems Support Engineer Support / Secure Development & Integration

Title: Compliance Analyst

Location: Fort Lee, VA OR Smryna, GA -Remote work Authorized.

Clearance: Secret

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

Foxhole Technology is seeking an experienced Information Systems Support Engineer Support / Secure Development & Integration as part of a team of information assurance professionals in support of a critical Government program.

Provide high-level ISSE support to integrate cybersecurity requirements and implement security controls throughout the RMF lifecycle, ensuring agency systems achieve and sustain their ATO. Coordinates with system owners and security personnel to prepare systems for authorization, categorize information and impact levels, select and tailor security controls, and document their implementation. This support extends to assessing security controls, contributing to authorization packages, and continuously monitoring the security posture of systems to ensure ongoing compliance and risk management.

Coordinates with the Information System Owner (ISO) to define the authorization boundary and develop boundary diagram artifacts.
• Analyze and document mission/business processes supported by the system to define comprehensive system security needs, directly linking security to operational objectives.
• Develop and document robust System Security Plans (SSPs) and detailed Security Design Documents, providing a foundational understanding of the system's security posture.
• Document information types and impact levels (confidentiality, integrity, availability), providing a granular understanding of data sensitivity.
• Ensure the system categorization aligns with DoD mission assurance priorities, supporting critical defense functions.
• Design and implement technical security controls per DoD Secure Configuration Baselines.
• Apply STIGs (Security Technical Implementation Guides) and hardening procedures to all IT assets as applicable, reducing the attack surface and mitigating known vulnerabilities.
• Document control implementation in the SSP, maintaining accurate and up-to-date security documentation.
• Analyze scan results from tools like Tenable, ACAS, or Nessus, identifying vulnerabilities and misconfigurations.
• Conduct self-assessment and validate control effectiveness and document findings in Security Assessment Reports (SARs), providing an internal evaluation of security controls.
• Ensure alignment with DoD Cybersecurity Strategy and acquisition lifecycle, integrating security considerations throughout the system's lifespan.
• Provide evidence and artifacts in support of security control validation efforts, demonstrating the effectiveness of implemented controls.
• Coordinate and schedule all assessment activities with the SCA and testing teams, facilitating thorough and efficient security evaluations.
• Conduct Security Control Assessments for all RMF "Assess Only" cybersecurity assessments, providing dedicated evaluation for specific security concerns.
• Coordinate with the SCA on development of the Security Assessment Plan (SAP) and Security Assessment Report (SAR), contributing to formal assessment documentation.
• Remediate findings and update the POA&M (Plan of Action and Milestones), tracking the progress of vulnerability mitigation.
• Develop risk mitigation strategies for vulnerabilities that are unable to be fully remediated.
• Track and report on security control effectiveness and system changes, maintaining visibility into security performance.
• Update SSP, POA&M, and SAR as system changes occur or as needed, but no less than annually, reflecting the current state of system security.
• Participate in Annual Security Assessment Review (ASR) and Incident Response exercises, demonstrating preparedness and responsiveness to security events.
• Respond to cybersecurity incidents and environmental changes, ensuring rapid and effective incident handling.

Active Secret security clearance

At least 5 years of related experience

DoD IAT II required certification/s (one of the following): CCNA-Security, CySA+ (CSA+), GICSP, GSEC, Security+ CE, CND,SSCP

CSSP-IS required certification/s (one of the following): CEH, CySA+, GCHI, CFR

Requirements of position: Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others. May be exposed to dust/dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military/veteran status, or any other protected class.