VTG is seeking an Information Systems Security Engineer (ISSE) for a technical development program supporting cloud-based applications, and its associated cloud infrastructure located on a highly secure network. The ISSE will work with a large team of developers, system engineers, DevOps engineers, database administrators, and system architects.
Responsibilities:· The ISSE will participate in the team’s regularly scheduled Agile tag up (scrum) meetings and report on the status of their assigned Jira issues
· Attend ad-hoc TEMs with the team to discuss and weigh in on numerous architectural aspects of the systems for assessing security impacts that may arise with system changes
· Assist with and/or lead security scans of the systems and report and analyze findings for impacts
· Review any security findings (CVEs) as noted by outside entities for system impact analysis and how best to proceed with addressing them
· Participate in team TEMs and review future system changes/new features for security impacts
Primary Responsibilities
· Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
· Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines
· Participate in creating secure architectures and designs
· Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
· Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements
· Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts
· Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
· Performing vulnerability scanning and analysis of the system
· Perform remediation and develop security implementations based on security findings
· Interface with Information System Security Managers (ISSM) to develop and accredit the system
· Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief management
Qualifications:Experience level: 6-10 years
· Active TS/SCI with Polygraph
· Typically requires a Bachelor of Science (BS) degree, or relevant demonstrable experience
· Other qualifications:
o Hands on experience with Linux (CLI)
o Hands on experience with scripting and programming languages like BASH and Python
o Solid understanding of, experience with networking (e.g., ports, routing tables, subnets, VPNs, firewalls, routers, etc.) to include design, integration and troubleshooting issues
o Experience in working on teams utilizing Agile workflows and processes
o Strong understanding of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and Common Vulnerabilities and Exposures (CVEs)
o Experience with RMF workflow tools
o Strong communication, organizational, and writing skills
§ Must be able to clearly and directly articulate their findings and recommendations.
§ Must be open minded to considering alternative approaches to possible security issues noted by other team members