Apply on Employer Site

ASRC Federal · 20 hours ago

Information System Security Engineer (ISSE)

Dayton, OH

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. They are seeking an Information System Security Engineer (ISSE) to provide expertise in Cybersecurity, Cloud, and Systems Engineering, supporting the development of secure enclaves and cyber network defense capabilities for DoD customers.

ConsultingGovernmentInformation TechnologyLogisticsProfessional ServicesSpace TravelStaffing Agency

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Engineer unique solutions to support ongoing Cyber Threat and Cyber Defensive Operations

Automate threat assessment and reporting activities

Analyze and report system and organizational security posture trends to the ISSM/ISSO

Provide cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation

Plan and recommend modifications or adjustments based on exercise results

Mitigate or correct security deficiencies identified during security and certification testing and/or recommend risk acceptance to the ISSM

Audit support responsibilities

Analyze and report organizational security posture trends to the ISSM/ISSO

Analyze and report system security posture trends to the ISSM/ISSO

Apply security policies to meet security objectives of the system to the ISSM/ISSO

Assess adequate access controls based on principles of least privilege and need-to-know and reports findings to the ISSM/ISSO

Assess all the configuration management (change configuration/release management) processes and reports findings to the ISSM/ISSO

Assess the effectiveness of security controls and reports findings to the ISSM

Be able to develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level and reports findings to the ISSM

Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance to the ISSM

Plan and recommend modifications or adjustments based on exercise results or system environment

Properly document all systems security implementation, operations and maintenance activities and updates necessary

Provides cybersecurity recommendations to the ISSM based on significant threats and vulnerabilities

Verify and update security documentation reflecting the application/system security design features

Verify minimum security requirements are in place for all applications

Assists the ISSM/ISSO in identifying the security requirements for the system, including the confidentiality, integrity, and availability of data

Assists the ISSM/ISSO in describing and documenting the security controls that will be implemented to meet the security requirements

Assists the ISSM/ISSO in describing and documenting the procedures that will be used to manage security risks and incidents

Assists the ISSM/ISSO in describing and documenting how the security controls will be monitored and tested to ensure that they are effective

Assists the ISSM/ISSO in describing and documenting how changes to the system will be managed to minimize security risks

Assists the ISSM/ISSO in describing and documenting how the system will be recovered in the event of a security incident

Assists the ISSM/ISSO in the collection and organization of supporting documentation and diagrams needed for an Authority to Operate Package

Assists the ISSM/ISSO with conducting a security assessment of the system. This includes identifying the system's assets, threats, vulnerabilities, and risks

Assists the ISSM/ISSO with developing a risk management plan. This plan identifies the security controls that will be implemented to mitigate the risks to the system

Assists the ISSM/ISSO in writing the System Security Plan or updating a System Security Plan Addendum

Assists the ISSM/ISSO in reviewing and updating the System Security Plan or Addendum

Assists the ISSM/ISSO in ensuring that the SSP is compliant with applicable DoD security policies and procedures

Monitors and investigates security breaches

Educates employees or clients about security procedures and programs

Other duties as assigned

Qualification

CybersecuritySystems EngineeringActive DirectorySplunkSecurity+ CertificationSTIG/SCAPAzure AutomationLeadership experience

Required

Must have a DoD Top Secret w/ SCI eligibility

Advanced technical competency and experience in one or more of the following areas: Active Directory Domain Services, Active Directory Federated Services, Active Directory Certificate Services, Windows Server Update Services, ePO, Splunk, STIG/SCAP, YUM, ACAS Automation, and Azure Monitor / Log Analytics

Security+ Certification

5+ years related experience in SCI/SAP environments

Bachelor's degree in computer science, Engineering, Finance, Business, or related field AND 3+ years leadership experience in relevant area of business OR equivalent experience

8-12 years demonstrated performance in related technology