Sr. Information Systems Security Engineer (ISSE), (Vulnerability Management)

The Information Systems Security Officer (ISSO) manages all aspects of an organization's information security system, including researching, testing, training, and implementing programs to safeguard sensitive information from breaches. The ISSO drives Authority to Operate (ATO) and Authority to Proceed (ATP) efforts and makes independent recommendations to the customer. They understand and execute the Risk Management Framework process, conducting risk analyses and producing documents such as System Security Plans, Security Policies, Contingency Plans, and Business Impact Analyses.

As an Information Systems Security Engineer (ISSE), support the customer in safeguarding networks against unauthorized modification, destruction, or disclosure. Activities include:

1. Conducting risk analyses on products, reviewing CVEs, plugins, CWEs, etc.
2. Explaining and remediating technical security controls.
3. Facilitating Technical Insertions for new products.
4. Reviewing change requests for security impacts and documentation.
5. Participating in Agile Planning Events to provide technical input.
6. Providing technical input into tool trade studies.
7. Implementing security controls in government cloud environments (cloud security experience is highly desired).
8. Researching, testing, evaluating, and implementing new security software or devices.
9. Enforcing and communicating security policies for data, networks, software, hardware, and telecommunications.
10. Managing all aspects of the organization's information security system, including training and program implementation.

Required Education, Experience, & Skills

• Bachelor’s Degree with 7 years of related experience including cloud security OR 10 years of experience in Information Assurance and IT Security.
• Obtain and maintain an IAT Level III baseline certification within 90 days of hire.

Required Clearance: Secret

• Expertise in system security vulnerabilities, remediation techniques, network and web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP).
• Experience with security engineering, system and network security, cryptography, and application security.
• Experience with vulnerability scanning tools such as Burp Suite, Rapid7 InsightVM, Tenable Nessus, and others.
• Ability to analyze vulnerabilities, establish cause and impact, and recommend corrective actions.
• Experience in vulnerability validation, remediation, and testing.
• Proficiency in scripting languages (e.g., Perl, Python, PowerShell).
• Experience with system administration in Windows and Linux.
• Experience with cloud platforms like AWS, Azure, or Google Cloud.

The ISSE supports the ISSO in managing the organization's information security, including risk analysis, compliance reporting, and responding to audit activities.

• Conduct risk analyses from vulnerability scans, pen tests, and audits.
• Submit monthly scan data for FISMA compliance.
• Respond to data calls, scan requests, and reporting requirements.

Desired Certifications: CISSP, CCSP, AWS-SEC, MCASEA

All employment decisions are made without regard to age, race, creed, color, religion, sex, national origin, disability, veteran status, sexual orientation, gender identity, or other protected categories. Illuminate is committed to veteran employment opportunities.