Information Systems Security Engineer (ISSE)

Company:  Mantis Security Corporation
Location: Reston
Closing Date: 26/10/2024
Salary: £150 - £200 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

Mantis Security is a leading specialty firm of high caliber talent who specialize in Cyber Operations, Cyber Defense, Information Assurance, Software Development, DevSecOps, Security Engineering, and Cloud Engineering. We enable and protect our nation's most important IT assets and invest in the long-term career development of every employee! We are currently looking for the next Information Systems Security Engineer (ISSE) to join our team of experts!

You will support the security engineering and security requirements for custom-built applications and information systems and support the agency's Assessment & Authorization (A&A) process. The ideal candidates are comfortable working with software developers and architects, and with program Information System Security Officers (ISSOs), to ensure appropriate security measures per ICD 503 and NIST 800-53 security controls. You will support security engineering technical meetings and requirements analysis in areas of cloud, container security, DevSecOps, and platform security in order to ensure security measures are modernized.

Responsibilities:

  • Develop and improve security architectures for applications, information systems, and microservices.
  • Lead the analysis of security requirements and provide implementation recommendations to developers and systems engineers
  • Provide security engineering input to assigned programs throughout the program lifecycle to ensure systems meet ICD-503 controls
  • Leverage DAST and SAST tools provided by agency's DevSecOps CI/CD toolchain to analyze static code and dynamic code for known vulnerabilities and work with developers, ISSO, and SCAs to ensure adequate remediation
  • Analyze code for known vulnerabilities using Fortify and work with developers to mitigate findings
  • Analyze runtime security of applications using OWASP ZAP or Arachni (dynamic application security testing)
  • Employ best practices when implementing security controls within an information system to include software engineering methodologies, system/security engineering principles, secure design, secure architecture and secure coding techniques
  • Design unclassified and classified environments that leverage AWS clouds and Azure clouds
  • Work with team to configure and maintain Virtual Machines (EC2 instances) that align with security requirements
  • Support application development or infrastructure development teams in the review of their security engineering requirements
  • Implement DevOpsSec initiatives in the implementation of the DevOpsSec Framework for IC IE
  • Support regular review of AWS security settings, IAM roles, privileges, and environmental settings
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Test security structures to ensure they behave as expected
  • Determine the most effective way to protect applications, networks, and information systems against external and insider threats

Requirements:

  • Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
  • Bachelor's degree in computer science, cyber security, or a related technical field, with 8+ yrs. experience with information systems development and security; an additional 4 years of experience may be substituted in lieu of a degree
  • Advanced knowledge in two or more of the following areas:
  • DevOps methodologies, CI/CD tools, practices (GitHub, Git, Jenkins, Artifactory, Nexus, etc.)
  • Agile or Scrum methodology
  • AWS Security Configuration
  • Software Development in Java, Python, Ruby and/or C++
  • Linux Expertise (RedHat/RHEL or CentOS preferred)
  • Dynamic & Static Application Security Scanning (e.g., Arachni, OWASP ZAP, BurpSuite, Fortify, Checkmarx, etc.)
  • Virtualization and containers (EC2, Docker)
  • Infrastructure Security Scanning, Vulnerability Scanning (Twistlock, ACAS/Nessus)
  • Experience with Xacta, eMASS, or equivalent IA management software is desired
  • Understanding of STIGs and CIS Benchmarks
  • DoD 8570 certification

We believe that our strength is in our employees. We offer employees the chance to work with great people on projects of high importance and are committed to providing the best culture that fosters technical innovation and personal growth. To help our staff achieve a productive work-life balance, we offer a full range of highly competitive benefits for our employees and their families. For more information visit our website at
