Information Systems Security Engineer (ISSE)

I

Input Technology Solutions

Information Systems Security Engineer (ISSE)

Germantown, MD
Full Time
Paid
  • Responsibilities

    Input Technology Solutions is seeking an Information Systems Security Engineer (ISSE) to support our DOE customer in Germantown, MD.

    Responsibilities:

    The primary responsibilities of the position are to utilize and configure existing cybersecurity tools to perform the monitoring, analysis, correlation and reporting of cybersecurity issues and incidents.

    Other responsibilities are to provide guidance and recommendations for new tools based on changes in threats, architecture, technological advances, or organization mission; implementation of new tools and modifications to architecture; updates, maintenance, and monitoring of cyber security tools; analyze changes, events, and other potential incidents for risk to the environment; event analysis, incident determination, and incident management. This security engineer reports directly to leadership; must have strong verbal and written communication skills for presentations related to activities.

     Duties, Tasks & Responsibilities:

    • Ensuring the implementation of DOE and NNSA cybersecurity policies and procedures for designated information systems
    • Conducting the Assessment and Authorization (A&A) activities for designated systems
    • Documenting the implementation of protection measures within the security plan for the systems
    • Ensuring the appropriate access is provisioned for users of designated systems
    • Identifying, assessing, and documenting threats and risks to designated systems
    • Capturing and maintaining information system security artifacts
    • Conducting cybersecurity tests and assessments and providing results of these activities to the ISSM
    • Evaluating the security impact and recommending implementation strategies for security significant changes to the assigned information systems
    • Identifying cyber security training needs in terms of job responsibilities or roles
    • Conducting information system risk assessments
    • Responding to and reporting of incidents related to their assigned information systems
    • Development of security processes and procedures to support the ISSM’s Cyber Security Program
    • Creating and maintaining disaster recovery and incident response plans and participating in associated training
    • Formally and informally presents information in group and individual settings

    Qualifications:

    Required Experience, Education, Skills & Technologies:

    • US Citizenship (no dual citizenship permitted)
    • A bachelor’s degree from an accredited college or university emphasizing information systems management and/or security arena. Four years of technical work experience may be substituted for education requirements. One year of higher education can be substituted for one year of technical experience.
    • Prior experience with web application scanning
    • Five (5) years of related work experience with a preference in experience applying techniques used by cyber security personnel.
    • Strong system administration experience with Windows and Linux
    • Demonstrated capability to identify security risks throughout information system network structures to include the Operating Systems, hardware, and various data transfer protocols.
    • Experience with Security Incident and Event Management tools, Log Management and Correlation tools, and Antivirus/anti-malware tools.
    • Effective communication and presentation skills (i.e., ability to present ideas effectively in formal and informal situations in group and individual settings).
    • Strong planning, organizational, and time management skills (i.e., ability to effectively plan, organize, and prioritize work, and to control and follow up to assure work completion).
    • Demonstrated initiative (i.e. initiate appropriate action without being directed) and ability to work independently.
    • Strong interpersonal skills (e.g., ability to work effectively on teams, communicate effectively, work/interact effectively and amicably with people from diverse backgrounds and cultures and with diverse personal attributes).

    Preferred Experience, Education, Skills & Technologies:

    • Experience with forensics a plus
    • Experience with implementing, monitoring and maintaining the following technologies is preferred:
    • Windows Server Operating Systems
    • Tenable Security Center
    • Red Hat Enterprise Linux
    • SourceFire IPS
    • Splunk
    • BurpSuite
    • HP WebInspect
    • McAfee ePO

    Security Clearance Level:

    • TS or DOE Q

    Certifications:

    • Must be able to maintain the appropriate NICE framework certification level by obtaining/holding at least one certification within 6 months of hire (e.g. CCISO, CISSP, CISM).