Information Systems Security Engineer (ISSE)

Required Skills & Qualifications:

• TS/SCI with Polygraph level clearance is required.
• BA/BS and 5+ years of experience; Masters and 3+ years of experience; an additional four years may be considered in lieu of a degree.
• Proven experience as an Information Systems Security Engineer, Cybersecurity Engineer, or in a similar security-focused role.
• Deep understanding of security architectures, encryption techniques, firewalls, VPNs, and intrusion detection/prevention systems.
• Experience with security frameworks and standards such as NIST, ISO 27001, CIS, and familiarity with compliance regulations (e.g., GDPR, HIPAA).
• Expertise in vulnerability assessment tools (e.g., Nessus, Qualys) and penetration testing.
• Knowledge of network security protocols (e.g., TCP/IP, DNS, HTTP/S) and secure coding practices.
• Familiarity with cloud security principles (AWS, Azure, GCP) and securing cloud-based infrastructures.
• Proficiency with security tools such as SIEM (Security Information and Event Management), IDS/IPS, and endpoint protection systems.
• Strong understanding of risk management principles and mitigation strategies.
• Excellent communication skills to report on findings, provide security recommendations, and collaborate with other teams.

Preferred Skills & Qualifications:

• Certifications such as CISSP, CISM, CISA, or other recognized information security certifications.
• Experience with security automation and scripting (e.g., Python, PowerShell, Bash).
• Familiarity with incident response frameworks and tools, such as SANS or NIST Cybersecurity Framework.
• Experience with securing enterprise applications and databases.
• Familiarity with zero-trust architecture and security for modern DevOps environments.
• Experience with forensic analysis and digital evidence handling.

As an Information Systems Security Engineer (ISSE), you will be responsible for designing, implementing, and maintaining robust security systems that protect the organization’s IT infrastructure. You will work closely with other IT professionals to ensure systems comply with security standards and regulations. Your role will include evaluating security risks, performing vulnerability assessments, and applying best practices to mitigate potential security threats. The ideal candidate will have hands-on experience with information security protocols, system hardening, risk management, and security engineering.

Key Responsibilities:

• Design, develop, and implement secure systems and networks, ensuring they meet the organization’s security requirements and industry standards.
• Collaborate with IT teams to integrate security features into the development lifecycle and infrastructure design.
• Conduct security risk assessments and ensure that security architectures are compliant with internal policies and external regulatory requirements.
• Perform vulnerability assessments, penetration testing, and security audits to identify and address potential threats to information systems.
• Assess risks associated with security vulnerabilities and work to mitigate potential threats.
• Recommend security solutions to enhance system resilience, such as intrusion detection/prevention systems (IDS/IPS), encryption, and secure communications protocols.
• Ensure that systems are compliant with relevant security frameworks and regulations (e.g., NIST, ISO 27001, GDPR, HIPAA).
• Implement and enforce security controls to protect the confidentiality, integrity, and availability of sensitive information and systems.
• Develop and enforce access control policies, encryption strategies, and other technical measures to safeguard systems.
• Respond to and investigate security incidents, identifying root causes and ensuring rapid recovery from security breaches.
• Implement incident response procedures, including data collection, analysis, containment, and reporting.
• Stay updated on emerging cybersecurity threats and incorporate threat intelligence into security practices.
• Create and maintain detailed security documentation, including system security plans, risk assessments, and compliance reports.
• Provide regular security status updates and incident reports to leadership and relevant stakeholders.
• Prepare documentation for audits, ensuring adherence to security policies and regulatory requirements.

• Work closely with other IT professionals, developers, and business units to ensure secure application and infrastructure development practices.
• Provide training and awareness programs to staff regarding security best practices and how to recognize potential threats.
• Support and collaborate with other teams to address security gaps in both existing and new systems.

*Position is contingent upon Spring 2025 contract award*