"Alerted.org

As a Top Secret Information Systems Security Engineer (ISSE) for this program, you will be working in an organization that’s mission is to develop and operate the best possible software for critical national security enterprise applications. This organization leverages SCRUM and SAFE Agile software development methodology and strong Dev Ops practices.

You will be responsible for the secure design, analysis, and test of information security systems and products. You will ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. You will create and update security test plans for detecting and mitigating risk to information systems. engineer and perform tests and test plans to satisfy audits. You will evaluate, validate and implement solutions for mitigating information systems findings or risks. You will apply methods, standards and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. You will advise on a range of security related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts and potential adverse effects of vulnerabilities.

Responsibilities:

Responsible for the secure design, analysis, and test of information security systems and products. Ensure technical documentation exists for all systems and is kept up to date to include system security plans, business impact analyses, continuity of operations plans, mitigations, authorized software lists, authorized hardware lists, and elevated user access list and roles. Create and update security test plans for detecting and mitigating risk to information systems. engineer and perform tests and test plans to satisfy audits. Evaluate, validate and implement solutions for mitigating information systems findings or risks. Apply methods, standards and approaches for ensuring the baseline security safeguards are appropriately implemented and documented. Advise on a range of security related activities such as establishing system boundaries, assessing the severity of system weaknesses and deficiencies, security alerts and potential adverse effects of vulnerabilities.

Possesses and applies a comprehensive knowledge across key tasks and high impact assignments. Plans and leads major technology assignments. Evaluates performance results and recommends major changes affecting short-term project growth and success. Functions as a technical expert across multiple project assignments. May supervise others. Minimum of 8 years’ experience recommended. In absence of years of experience, certifications or past work may be used to show the level of experience needed to perform at this level.

A typical day in the life on this program involves:

• Serve as the principal advisor to provide expert knowledge of system functions, security policies, technical safeguards and operational security measures to include products and systems implemented on a Cloud infrastructure

• Design, analyze, and test information security systems, products, cloud architectures and cloud solutions

• Develop, implement and evaluate security controls, measure, and frameworks in cloud-based systems to ensure data integrity, confidentiality and availability

• Draft and keep updated security documentation and reporting

• Comply with all applicable security protocols

Requirements:

• Active Top Secret clearance with SCI eligibility

• Minimum of 4 years of related experience

• Hold one of the following security certifications or equivalent: Security +, CGRC, CASP, CISSP

• Education: Associate's Degree

o In absence of degree, additional years of experience may be substituted for educational requirements

**Clearance Required:** Top Secret with SCI eligibility

Minimum Education:

Associate's Degree

In absence of degree, additional years of experience may be substituted for educational requirements

Minimum Years of Experience:

Minimum of 4 years of related experience

Hold one of the following security certifications or equivalent: Security +, CGRC, CASP, CISSP

Preferred:

• Be familiar with NIST 800-53 Rev. 5

• AWS/Azure

• JIRA/CONFLUENCE

• Agile Methodologies

• Expertise on Information Security Principles, processes and guidelines

• Able to obtain and maintain an Authority To Operate (ATO) for Information Systems.

• Analyze logs using Splunk and AWS tools

• Scanning tools such as Tenable Nessus

• Able to work on multiple projects with various timelines, at times very short deadlines.

• Certification in one or more of the following: CompTIA Network+, CPT: Certified Penetration Tester, CEPT: Certified Expert Penetration Tester, CREA: Certified Reverse Engineering Analyst, CEH: Certified Ethical Hacker, CWAPT: Certified Web Application Penetration Tester

\#javelin