Information Systems Security Engineer

Location: Honolulu, HI
Seniority Level: Mid-Senior level

As the Information Systems Security Engineer, you will propose, implement and enforce
operational security policies and ensure solutions are in place to limit security risks.

You will maintain the operational security posture to ensure information systems (IS) security
policies, standards, and procedures are established and followed, and will support the efforts to
obtain systems approval and Authority to Operate for new, innovative systems that will be
entirely new to the procuring government agencies.

If You Join Us, You Will:

• Work with a team to provide a comprehensive risk management plan to address, identify, assess, and provide prioritization of risks (including how risks will be recorded, reported and mitigated). Plans shall include the full range of risks that could impact the project including but not limited to resources, access, physical and cyber security, and unplanned events.
•  Identify high risk factors and develop a mitigation plan to reduce or eliminate the risk.
• Develop and maintain system Plan of Actions and Milestones (POA&M to address individual risks, prioritizing risk actions, and detail an integrated risk action plan for each risk identified.
• Perform Risk Assessments and document findings in each system's POA&M
• Understand NIST, Committee for National Security Systems (CNSS), DoD/DON Communications Task Orders (CTOs, TASKORDS), and Information Assurance Vulnerability Management (IAVMs), and Security Technical Implementation Guides (STIGs)
• Prepare for and conduct RMF-related briefings at meetings with internal and external representatives ISSE Candidate will have sufficient knowledge to provide support for the following: Assemble and review all required documentation as outlined by the ISSM and CNIC for
  the RMF packages.
• Tailor security controls out of National Institute of Standards and Technology (NIST) SP800-53 rev 4 for the systems.
• Assist with updating policy and documentation along with maintaining compliance with National Institute of Standards (NIST) SP 800-53 rev 4 throughout the RMF lifecycle.
• Update and help implement the status of all security controls.
• Assess and implement security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in accordance with governing policies.
• Process and maintain compliance by leveraging Nessus, STIGs, and Security Content Automation Protocol (SCAP) files.
• Assist in managing identified vulnerabilities.

Basic Qualifications:

• Five (5) years of experience is required as an ISSE/ISSO including experience in at least one (1) of the following areas: knowledge of current security tools, hardware/software security implementation, communication protocols or encryption techniques/tools.
• Thorough knowledge of NIST security guidelines.
• Bachelor of Science from an accredited college or university in Computer Science or related field may be substituted for four (4) years of experience.
• Experience with Navy Information Assurance
• Additional Security Clearance may be required

 

Posted On: Wednesday, November 22, 2023