Information Systems Security Engineer

StraitSys Inc

PRIMARY FUNCTION

Responsible for ensuring IT systems maintain the appropriate security posture in accordance with NIST and FBI policy/guidance. Analyze and define security requirements for on-premises and cloud environment IT systems. Designs, develops, engineers, and implements solutions that meet security requirements. Responsible for the integration and implementation of IT system security solutions under the guidance of the ISSO and Government personnel. Performs risk analyses of IT systems and applications during all phases of the system development life cycle and during mandated security reviews. Collaborates with other engineers, administrators, and other technical experts in the identification and implementation of appropriate information security functionality to ensure uniformity, standardization, and compliance with security policies.

ESSENTIAL FUNCTIONS

• Assist in designing and implementing security architectures to protect information systems and networks, ensuring they align with regulations and best practices.
• Perform risk assessments to identify potential security threats and vulnerabilities. Develop and implement strategies to mitigate identified risks, ensuring the security of the organization's information systems.
• Ensure all information systems comply with relevant security standards and regulations such as FISMA, NIST, and other applicable federal guidelines. Assist in managing certification and accreditation processes to maintain authorized status.
• Participate in the response to security incidents, including coordinating investigations, documenting findings, and implementing corrective actions. Ensure incidents are resolved efficiently and in accordance with organizational protocols.
• Provide guidance and mentorship to junior security engineers. Conduct training sessions to enhance the team's skills and knowledge in cybersecurity best practices and emerging threats.
• Oversee the deployment and management of security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption solutions. Ensure these technologies are effectively integrated into the organization's infrastructure.
• Assist in developing and implementing continuous monitoring programs to regularly assess the security posture of information systems. Use insights from monitoring activities to recommend and implement improvements in security controls, policies, and procedures.

SUPERVISORY RESPONSIBILITIES

None.

KNOWLEDGE, SKILLS, & ABILITIES:

• Experience supporting IT systems in a cybersecurity engineering role required to adhere to NIST and FBI cybersecurity policy, guidelines.
• Firm understanding of current NIST SP 800-53, DOJ/FBI Policies and Procedures, and Industry best practices.
• Experience completing security evaluations of IT systems to ensure they meet security requirements.
• Experience developing and/or editing standard operating procedures, user guidelines, and system and information security documentation related to the security of IT systems.
• Demonstrated knowledge of and experience with current security tools, hardware/software security implementation, communication protocols, and encryption techniques/tools.
• Ability to complete tasks in support of security operations and management, security planning/documentation, security monitoring and evaluation, security awareness and training, and security incident reporting and response management.

QUALIFICATIONS:

• Active Top Secret Clearance with the ability to obtain SCI, if required.
• Bachelor's or Master's degree in Engineering, Computer Science, Information Systems, Cyber Security, or related discipline. Education substitution requires 8+ years' experience supporting IT systems information and system security operations.
• 5+ years' experience as an ISSE, information security, or cybersecurity role supporting unclassified and/or classified systems responsible for the cybersecurity of IT networks, systems, and applications.
• Must possess and maintain at least one of the following certifications: International Information Systems Security Certification Consortium (ISC), Certified Information Systems Security Professional (CISSP), the Global Information Assurance Certification (GIAC) (SANS) Information Security Professional (GISP), or the Computing Technology Industry Association (CompTIA) Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction 8570.1 IAM Level III proficiency.