Information Systems Security Engineer (ISSE)/ISSO jobs in United States

Computer World Services Corp. (CWS) · 3 weeks ago

Information Systems Security Engineer (ISSE)/ISSO

Computer World Services Corp. (CWS) is focused on supporting the Financial Stability Oversight Council in promoting financial stability. The Information Systems Security Engineer (ISSE)/ISSO will design, develop, and implement cybersecurity solutions, conduct risk assessments, and manage vulnerability programs to ensure robust security across systems.

Computer · Information Technology · Software · Virtual Reality
Senior Management
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems and provide accurate accounting and tracking for risks and findings
Conducting comprehensive vulnerability management using Nexpose, Rapid7, and Qualys platforms to identify, prioritize, and remediate security vulnerabilities and configuration baselines across the enterprise infrastructure
Implements automated container vulnerability scanning tools, such as AWS Clair, to identify and evaluate critical findings
Perform application security testing using Fortify WebInspect to assess web applications for security flaws and conduct thorough code reviews using Veracode to identify vulnerabilities in source code
Create custom queries and generate detailed reports in Splunk to support security monitoring, incident analysis, and compliance reporting
Track, monitor and report on Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA), continuous monitoring activities, vulnerability scans, application security tests, and code analysis will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making
Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted
Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring)

Qualification

Cybersecurity engineering, Vulnerability management, NIST Risk Management Framework, Security assessments, AWS Cloud Services, Security frameworks, Incident response, Basic Python, Basic JSON, Basic PowerShell, Communication skills, Work under pressure

Required

Deep understanding of modern cybersecurity engineering principles
Control validation, including security-as-code, infrastructure-as-code, and DevSecOps practices
Proven experience conducting security assessments
Hands-on experience managing a vulnerability management program
Reviewing and recommending detection rules
Incident response playbooks
Performing regular audits of security controls and access management systems
Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls to measure the effectiveness of controls and identify control gaps
Ensure compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums
Identify, assess, and prioritize identified risks
Collect evidence, artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards
Provide recommendations for remediation of identified deficiencies
Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
Coordinate third-party risk assessments and IT audits
Manage remediation efforts and report on the status of control deficiencies
Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)
Strong written and verbal communication skills; must be able to effectively communicate with all levels of staff up to executive-level management, customers (internal and external), and vendors
Familiar with basic Python, JSON, and/or PowerShell
Familiar with AWS Cloud Services - EC2, VPC, S3, RDS, CloudFormation, Systems Manager, CloudWatch, Security Hub
Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10
Public Trust High (Tier 4/BI) Risk Level
Must be a US citizen

Preferred

Certified Information Security Professional (CISSP)
Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent
Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required

Benefits

Reasonable accommodations

Company

Computer World Services Corp. (CWS)

Computer World Services Corp. is an information technology company specializing in end to end network operations and IT solutions.

Funding

Current Stage
Growth Stage

Leadership Team

Farrukh Hameed
Founder and CEO
Company data provided by crunchbase