Apply on Employer Site

VT Group (VTG) · 2 hours ago

Information Systems Security Engineer (ISSE)

Greater Richmond Region

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

VT Group's subsidiary, Byte Systems, is looking for an Information Systems Security Engineer (ISSE) to support assessment and authorization of critical systems and enhance the cybersecurity posture of their clients. The role involves configuring systems securely, implementing security controls, and assisting in various cybersecurity processes to defend against adversaries.

Information TechnologyMilitary

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

This position ensures that security is engineered into an information system from design through deployment and operation

Configure systems securely (OS, network devices, applications)

Implement and validate security controls

Provide evidence for Assessment & Authorization (A&A)

Support continuous monitoring activities

Support vulnerability scans and remediation

Ensure secure baseline configurations are applied and maintained

Support DevSecOps efforts in modern environments

Assist in developing mitigation strategies

Contribute to and help maintain:

System Security Plan (SSP)

Security architecture diagrams

POAMs (Plans of Action & Milestones)

Qualification

Cybersecurity expertiseNIST complianceVulnerability assessmentSecurity controls implementationScripting languagesLinux proficiencyWindows proficiencyTCP/IP networkingCross-team collaborationEffective communicationDocumentation skills

Required

Active Top Secret/Sensitive Compartmented Information (TS/SCI) clearance, with polygraph

Bachelor's Degree in Computer Science, Information Technology, or other related technical discipline, or the equivalent combination of education, technical training, or work/military experience

Minimum eight (8) years or relevant degree plus five (5) years of demonstrated cybersecurity expertise

Ability to work closely with stakeholders, developers, and external teams including customer security managers (ISSMs), ISSO, organizational leadership, and key personnel

Identify requirements for documentation associated with system categorization, the System Security Plan, and systems risk assessment as required under NIST 800-53/53A

Previous experience completing customer Assessment and Authorization (A&A) process from start to end

Assess system compliance with NIST requirements, identifying weaknesses and evaluating planned remedial actions based upon those requirements

Support control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems

Understanding of perimeter controls (firewalls), access control mechanisms, and network architectures

Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities

Skilled in cross-team collaboration and effective communication to fulfill specific accreditation requirements

Strong verbal and written communication/cooperation within a team context

Ability to work within fast-paced customer environments

Demonstrated skill documenting processes and procedures in CONOPS, system security, contingency, configuration management and other plans

Demonstrated ability to facilitate customer concurrences required for risk-based decisions requiring waivers

Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirements as documented in NIST 800-53 and its revisions

Preferred

Knowledge of the customer's organization, their network systems and infrastructure, processes and procedures, and request and approval tools

Experienced in scripting/program languages such as Bash, PowerShell, or Python

Proficient in Linux, Windows, and TCP/IP networking

Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, Rapid7 Nexpose, and IDS/IPS monitoring and alerting