Apply on Employer Site

ParsonsKellogg · 3 months ago

Senior Information Systems Security Engineer (ISSE)

US - CO, Colorado Springs

Full-time

Hybrid

Senior Level, Lead/Staff

$109K/yr - $190K/yr

8+ years exp

ParsonsKellogg is a leader in developing cutting-edge solutions for the Department of Defense and Intelligence Community. They are seeking a Senior Information Systems Security Engineer (ISSE) to focus on cybersecurity aspects of system design, supporting DoD agencies and ensuring compliance with cybersecurity standards.

AdvertisingMarketing

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Utilize Joint Special Access Program Implementation Guide (JSIG) /Risk Management Framework (RMF) to achieve and maintain Authorization to Operate (ATO), Interim Authorization to Test (IATT), and Authority to Connect (ATC) for all existing and new Information Systems (IS) that require accreditation to include on premise and cloud platforms

Broad knowledge of Information Technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption); computer networking concepts and protocols, and network security methodologies; network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Implement security policies and procedures including System Security Plans (SSP), Security Controls Traceability Matrices (SCTM), Risk Assessment Reports (RAR), Continuous Monitoring Plans (ConMon), Security Assessment Reports (SAR), and Plan of Actions and Milestones (POA&M)

Strong ability to produce and maintain varied technical documentation, policy, and procedures such as: Ports Protocols and Services Management (PPSM) worksheets, system and network diagrams / descriptions, and Standard Operating Procedures (SOPs)

Coordinate and perform security audits and system updates to identify nonstandard events and maintain system and information integrity

Play an active role in conducting continuous monitoring activities on Accredited Information Systems (AIS) environment of operation to include developing and updating the system artifacts as well as managing and controlling changes to the system

Conduct security impact analysis activities and provide to the Information Systems Security Manager (ISSM) on all configuration management changes to the authorization boundaries

Experience in reviewing and implementing secure configuration management techniques

Report Cyber incidents or vulnerabilities to the ISSM and/or government chain of command

Have expert knowledge of and hands on experience to configure and manage security tools and systems e.g., Security Technical Implementation Guides (STIGs), Assured Compliance Assessment Solution (ACAS), Host Based Security System (HBSS) / Trellix / Splunk

Monitor and analyze network traffic for potential threats

Assisting in incident response and remediation efforts

Ensuring compliance with DoD cybersecurity standards

Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)

Practical experience in guiding systems through NIST SP 800-37 RMF steps, from Prepare to Monitor, using CNSSI 1253 to ascertain appropriate Confidentiality, Integrity, and Availability levels, and the NIST SP 800-53 controls associated with each level

Experience with Enterprise Mission Assurance Support Service (eMASS) and Xacta

Qualification

Risk Management Framework (RMF)Information Technology securitySecurity Technical Implementation Guides (STIGs)NIST SP 800-37 RMFCompTIA Security+Cloud ComputingEnterprise Mission Assurance Support Service (eMASS)Incident responseTechnical documentationSoft skills

Required

Coordinate and perform security audits and system updates to identify nonstandard events and maintain system and information integrity

Conduct security impact analysis activities and provide to the Information Systems Security Manager (ISSM) on all configuration management changes to the authorization boundaries

Experience in reviewing and implementing secure configuration management techniques

Report Cyber incidents or vulnerabilities to the ISSM and/or government chain of command

Monitor and analyze network traffic for potential threats

Assisting in incident response and remediation efforts

Ensuring compliance with DoD cybersecurity standards

Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)

Experience with Enterprise Mission Assurance Support Service (eMASS) and Xacta

Must have a Bachelors Degree in Computer Science/Engineering/Cybersecurity or other relevant Engineering field from an accredited university with minimum 8 years of experience

Top Secret (TS) security clearance with eligibility for Secret Compartmented Information (SCI)

Willingness to submit to a Counterintelligence Polygraph to achieve SAP Security Clearance within 6 months of hire

Possess a DoD 8140.03/8570.01 Information Assurance Manager II certification or able to obtain within 6 months of hire: CompTIA Security+, Cisco Certified CyberOps Associate, GIAC Security Essentials (GSEC), SSCP (Systems Security Certified Practitioner)

Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel, and industry partners

Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)

100% onsite is required in Colorado Springs, CO

Preferred

Experience with DEVOPS / DEVSECOPS operations and requirements

Knowledge of cyber tools such as Security Information and Event Management (SIEM) systems, vulnerability detection, scripting languages and/or programming language

Knowledge of Cloud Computing such as Amazon AWS and Microsoft Azure platforms