Information Systems Security Engineer

Seeking a knowledgeable and experienced Information Systems Security Engineer (ISSE) to join our security team. The ISSE will be responsible for designing, implementing, and maintaining robust security systems to protect our organization's data and information technology infrastructure. This role requires a deep understanding of security engineering concepts and the ability to collaborate with a multidisciplinary team to ensure that security procedures and solutions are effectively integrated into the organization's systems.

ESSENTIAL FUNCTIONS

• Security Architecture Development: Design and implement information security solutions and architecture in alignment with organizational policies and regulatory requirements.

• Risk Assessment: Conduct risk assessments to identify potential threats and vulnerabilities within the IT environment and propose appropriate mitigation strategies.

• Security Controls: Design and integrate security controls to protect system integrity, confidentiality, and availability, as well as ensure compliance with applicable standards.

• System Integration: Work with IT and development teams to securely integrate new technologies and platforms into the existing IT infrastructure.

• Security Documentation: Develop and maintain comprehensive security documentation, including System Security Plans (SSPs), Risk Assessment Reports, and Security Assessment and Authorization (A&A) packages.

• Incident Response: Support incident response efforts, providing expertise in investigating security incidents and implementing countermeasures to prevent future occurrences.

• Security Testing and Evaluation: Conduct security testing, analysis, and evaluation of new and existing systems to identify security weaknesses and recommend improvements.

• Compliance Monitoring: Ensure ongoing compliance with relevant security regulations and standards, such as CMMC L2, NIST SP 800-171, ISO 27001, and others as applicable.

• Collaboration: Collaborate with stakeholders, including system owners, to ensure security measures align with business objectives and operational needs

SUPERVISORY RESPONSIBILITIES

None.

KNOWLEDGE, SKILLS, & ABILITIES:

• Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), and CompTIA Advanced Security Practitioner (CASP+) are all highly desirable.

• Demonstrated ability to successfully navigate the ATO process resulting in certification of computer systems operating in a classified environment.

• Experienced working with cross-functional teams to include engineering, IT, and manufacturing.

QUALIFICATIONS:

• Education: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related STEM field. Master's degree in Cybersecurity is desired.

• Experience: 5+ years of experience in information security engineering or related roles.

• Certifications: CompTIA Security+, CISM, eMASS

• Strong knowledge of security architecture frameworks, ATO process, risk management processes, and security technologies (e.g., firewalls, intrusion detection/prevention systems, encryption).

• Excellent analytical and problem-solving abilities, with experience conducting threat modeling and vulnerability assessments.

• Strong communication and documentation skills, capable of effectively conveying complex security concepts to technical and non-technical audiences.

• Active current DOW/DOD Secret security clearance.