Information Systems Security Engineer (ISSE) Position Available In Alachua, Florida
Tallo's Job Summary: The Information Systems Security Engineer (ISSE) role requires a Top Secret clearance and expertise in information system security. Responsibilities include developing compliancy, coordinating with Government customers, and preparing documentation. The ideal candidate should have strong communication skills and ten years of relevant experience. Experience with Authorization to Operate (ATO) is preferred. Advanced technical knowledge and familiarity with security protocols are essential.
Job Description
Job Description:
ALTA IT has a Direct Hire position open for an ISSE. Apply promptly! A high volume of applicants is expected for therole as detailed below, do not wait to send your CV.
Clearance:
Top Secret and willing to sit for CI Poly Onsite – Quantico, VA Senior level capabilities regarding Information system security.
Knowledgeable of current Information Assurance (IA) technologies tothe architecture, design, development, evaluation, and integrationof applications, systems, and networks to maintain the systemsecurity posture. Develops compliancy and standardization withinthe Government’s policies regarding various information systems.
Work closely with Government customers to ensure theconfidentiality, integrity, and availability of systems,applications, networks, and data through the planning, analysis,development, implementation, maintenance, and enhancement ofinformation systems security programs; infrastructure; application;Security Assessment and Authorization (SAA), IA policy directives(PD) and guides (PG); and IA Security tools (e.g., Tenable.io,Nessus Pro, NMap, etc.).
The ISSE shall:
Have excellent verbal andwritten communication skills to be able to accurately relaterequirements and document all within the appropriate securitydocument and/or within the RMF system and coordinate with program,other system(s), and security personnel; Prepare documentation from templates such as, but not limited to,Configuration Management Plan (CMP), Incident Response Plan(IRP), Must be able to discern the program policies and procedures,identify areas that need work and bring up to management forresolution; Identify IA vulnerabilities and coordinate with the Infrastructureand Development teams to correct, mitigated or apply for anexception via the POA&M processes; Review vulnerability (i.e., patches, updates, etc.) and compliance(i.e., Security Content Automation Protocol (SCAP) and/or DefenseInformation Systems Agency (DISA) Security Technical ImplementationGuide (STIG) scans on the infrastructure and applications to ensurepatch and configuration compliance (on-premises and in the cloud(AWS preferred); Prepares SAA package(s) to obtain and maintain anauthority-to-operate (ATO), authority-to-test (ATT), or other SAAauthority types for all systems and applications; Attend Configuration Control Board (CCB) meetings and review allchange requests for impact to the system/application securityposture(s) and applicable Federal and PD and PG compliancerequirements; and document decisions within the CMP; Coordinate security incident and high priority compliance responseswith the Enterprise Security Operations Center (ESOC); Represent security interests in various meetings within and outsideof the program; Schedule and conduct meetings with pertinent program personnel toaddress findings to determine appropriate path forward and documentwithin the CMP and, if necessary, POA&M; Coordinates with other system Information System Security Officers(ISSO) to ensure that their requirements for interconnection,policy and procedures are met and all documentation is provided andupdated as necessary; Ability to assess current and evolving security threats in anoperational environment
Required Skills:
Clearance:
Top Secret clearance is required; mustbe willing to sit for CI Poly Bachelor of Science (B.S.) Degree in Computer Security or relatedfield of study, or in lieu of education, an additional five (5)years of relevant experience that addresses all requirements of theposition Ten (10) years of experience performing security requirementanalysis, system design, of computer systems (ISC)2 Information Security Certification(s) (e.g.,
CISSP, CAP,etc Working Experience:
Splunk and Tenable, reading technical andnetwork diagrams, dataflows, creating workflows.
Authorizations Experience:
Experience with the process of obtainingand maintaining Authorization to Operate (ATO) is preferred.
Subject Matter Expertise:
Demonstrated expertise in informationsystems security, with a strong technical background and acomprehensive understanding of security protocols andpractices. Advanced knowledge beyond operations and maintenance, including asolid background in network security and familiarity with technicalaspects such as basic coding and scripting. Ability to think fluidly and adapt to evolving technicalchallenges, with a proactive approach to learning andproblem-solving. Proven experience in working collaboratively within a teamenvironment, contributing to collective goals and initiatives Demonstrated dedication and investment in the responsibilities andgrowth associated with the role.
Preferred Skills:
Experience in a cyber-risk and compliancemanagement system (e.g.,Xacta, RiskVision, etc.) One (1) year experience or more configuring, performing,scheduling, reviewing, and assessing vulnerability (i.e., patches,updates, etc.) and compliance (i.e., Security Content AutomationProtocol (SCAP) and/or Defense Information Systems Agency (DISA)Security Technical Implementation Guide (STIG)) scans on theinfrastructure and applications to ensure patch and configurationcompliance on-premises and in the cloud (AWS preferred) Technical background that will assist in assessing the
NIST SP800-53
security controls and gather evidence to supportconclusions Knowledge of operating systems, network and application security toaid implementation of information security and assurance principle;and Knowledge of SPLUNK software and tools. #M2
