Apply on Employer Site

STR · 1 day ago

Information Systems Security Engineer (ISSE)

Woburn, MA

Full-time

Onsite

Mid Level

$136K/yr - $170K/yr

3+ years exp

STR is a technology company focused on advanced research and development for defense, intelligence, and national security. They are seeking a well-rounded cybersecurity professional to join their Cybersecurity/Risk Management Framework program, responsible for ensuring compliance and managing security architecture for classified programs.

Artificial Intelligence (AI)Machine Learning

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conduct both vulnerability and compliance scans of Information Systems

Support the development of Risk Management Framework (RMF) documentation and control validation testing for Authority to Operate (ATO) accreditations

Develop cybersecurity requirements, design, and architecture for current and emerging program needs

Implement Information Assurance and Information Security protections and requirements in program development and execution environments

Apply required security controls to networking devices, databases, operating systems, and hardware/software components

Assist ISSMs and ISSOs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities

Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional

Support the completion of Continuous Monitoring requirements in accordance with RMF and NIST SP800-53 standards

Perform other tasks as assigned by the manager

Qualification

Information AssuranceCybersecurity Requirements DevelopmentRisk Management Framework (RMF)NIST SP800-53DoD 8570 IAM Level IIIWindows/Linux ConfigurationVulnerability Scanning ToolsSecurity Incident ManagementScriptingTeam EnvironmentCommunicationDetail-orientedSelf-starter

Required

Active Top Secret security clearance with the ability to obtain SAP and SCI access (U.S. citizenship required)

3-5 years of technical (hands-on) experience in Information Assurance/Cyber Engineering, including requirements development and implementation

DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months of hire

Knowledge of the DCSA Authorization and Assessment Process Manual (DAAPM) and the Joint Special Access Implementation Guide (JSIG)

Configuration, certification, and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks

Managing and implementing DISA STIGs and benchmarks in various operating systems (Windows, RHEL, Ubuntu)

Using IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP))

Maintaining/managing Security Incident and Event Management (SIEM) and centralized auditing tools (e.g., Splunk, PowerStrux)

Familiarity with Microsoft Deployment Toolkit (MDT)

Supporting the hardening of new builds of Information Systems (IS) and ensuring full functionality before deployment

Scripting in Windows and/or Linux

Using McAfee/Trellix ePO, including familiarity with DLP components

Experience with NIST SP800-53 technical control implementation and assessment

Excellent communication skills, detail-oriented, self-starter with a focus on understanding STR CCS and CIT processes and procedures

A desire for continuous improvement while working in a team environment and the ability to handle multiple fast-changing priorities/projects effectively