Information Systems Security Engineer (COMSEC)

Northstrat is seeking an Information Systems Security Engineer to join our team. The ideal candidate will have experience in the following areas: secure software engineering practices in support of Department of Defense (DoD) or Intelligence Community (IC) customers, application of NIST Special Publications 800 security controls and the Risk Management Framework (RMF) process, and system vulnerability scanning.

• Planning and managing the system application of NIST Special Publications 800 series security controls
• Perform system vulnerability scanning, documenting results, and working with the development team to address security findings
• Generation of comprehensive system security documentation and artifacts, to include a Plan of Action and Milestones (POA&M), for obtaining and maintaining Interim Authorization to Test (IATT), Authority to Connect (ATC) and Authorization to Operate (ATO)
• Work collaboratively with team members, Information Assurance, Information Security Engineering, and other Subject Matter Experts to resolve security issues
• Maintain thorough documentation of all activities and communications through ticketing systems, operational briefs, and status reports

• Knowledge of, and practical experience with the NIST Special Publications 800 Series and the Risk Management Framework (RMF) process
• Familiar with secure software engineering practices in support of Department of Defense (DoD) or Intelligence Community (IC) customers
• Experience with Authorization and Accreditation (A&A) process using RMF for classified systems obtaining and maintaining Interim Authorization to Test (IATT), Authority to Connect (ATC) and Authorization to Operate (ATO)
• Experience with vulnerability scanning
• Experience with security tools such as: Assured Compliance Assessment Solution (ACAS), and Security Technical Implementation Guide (STIG)
• Familiar with information security principles and best practices
• Excellent communication and collaboration skills
• Ability to work independently and as part of a team

• Familiar with tiered security environments (U, S, TS)
• Familiar with AWS security services
• Familiar with AWS infrastructure services
• Familiar with Agile development methodologies

• Must have bachelor's degree in a STEM related field plus 6 years of relevant experience
• CompTIA Security+ certification is required
• Must be a U.S. citizen absolutely no exceptions
• An active Top-Secret clearance is required with SCI or SCI eligible
• Strong COMSEC background - Know the difference between USEAD Keying material and firefly keying material
• Distribution and transfer (KMI/OTAT)
• Experience with key dispositions to include SKMP (symmetric key management plan)
• Experience with key disposition requirements via NSA/CSS/ Policy Manual 3-16
• Knowledge of KEK/TEK key pairs
• Understand OSI Model: layer 1, 2, 3, and 4
• Experience interpreting network topologies to understand data plane/control plane
• Experience with any UHF/VHF/SHF/EHF satcom receiver/transmitter or transceiver

Northstrat values true work-life balance. We offer power of choice benefits designed to best meet the needs of you and your lifestyle. Our benefits programs are designed to support and encourage wellness, healthy living, retirement investment, and lifetime learning.

Northstrat is an Equal Opportunity Employer. We are committed to fostering an inclusive, diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, veteran status or other legally protected status.

Mid-Senior level

Full-time

Information Technology

IT Services and IT Consulting