Cloud ISSE (Information Systems Security Engineer)

Overview

Falconwood, Inc. is a woman/veteran-owned business providing executive level consultants and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs. We provide expert consultation on a diverse range of IT subjects focusing on acquisition strategy, implementation activities, cloud computing, systems engineering, and cyber security policy and engineering.We have an immediate opening for a Cloud ISSE to join our Azure-based cloud operations team, working alongside Azure DSO Cloud Engineers and ITSM Analyst/Developers. This role focuses on developing and maintaining a robust cybersecurity architecture for Azure cloud environments, ensuring compliance with DoD standards, and securing cloud services through the system lifecycle. The Cloud ISSE will provide expertise in risk management, artifact development, and security assessments to achieve and maintain authorizations for cloud systems.

Responsibilities

Requirements for the Cloud ISSE are as follows:

• Develop and maintain a comprehensive cybersecurity architecture for Azure cloud environments, ensuring alignment with DoD Instruction 8510.01 and the Navy Risk Management Framework (RMF) Process Guide (RPG).
• Lead the creation, review, and maintenance of authorization artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs), within the Enterprise Mission Assurance Support Service (eMASS).
• Conduct NIST 800-53 control assessments, technical security testing, and vulnerability scans using tools like ACAS, STIGs, and Azure-native security services to support Authorization to Operate (ATO) processes.
• Manage authorization maintenance activities, including annual security reviews, POAM updates, and compliance with ATO stipulations across Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) models.
• Collaborate with Azure DSO Cloud Engineers to perform security impact analyses for proposed system changes, ensuring secure integration of Infrastructure-as-Code (IaC) and DevSecOps pipelines.
• Leverage Azure Monitor, Azure Security Center, and Splunk for event monitoring, log analysis, and incident response to maintain a secure cloud environment.
• Establish and maintain inheritance profiles with Azure Cloud Service Providers to streamline compliance and reduce assessment overhead.
• Support cybersecurity processes, including Command Cyber Readiness Inspections (CCRI), Web Risk Assessments, and other audits, by providing documentation and remediation plans.
• Work with the ITSM Analyst/Developer team to integrate security findings into Remedy workflows for efficient incident and problem management.
• Implement and manage security tools like Trellix, Invicti, and Anchore to identify vulnerabilities and ensure compliance with DoD STIGs and security baselines.
• Provide technical guidance to operations teams on interpreting ACAS and STIG results, ensuring alignment with authorization baselines and secure configurations.
• Develop and recommend improvements to cybersecurity processes, policies, and tools to enhance efficiency and compliance.
• Document security configurations, processes, and lessons learned to support audit readiness and team knowledge sharing.
• Participate in Agile processes, including sprint planning and daily stand-ups, to align security tasks with team objectives.
• Engage with Falconwood’s Cloud Center of Excellence (CCoE) to promote best practices in cloud security and risk management.

Qualifications

Required Qualifications:

• Minimum of 4 years of experience in cybersecurity, with at least 2 years focused on cloud security engineering in Azure or similar cloud environments.
• Proven expertise in achieving and maintaining DoD cloud authorizations under RMF, including artifact development and eMASS management.
• Hands-on experience with NIST 800-53 control assessments, ACAS scanning, and STIG compliance in cloud environments.
• Proficiency in using Azure security tools (e.g., Azure Security Center, Azure Sentinel) and Splunk for event monitoring and log analysis.
• Familiarity with Infrastructure-as-Code (IaC) tools like Terraform or Bicep and their security implications in cloud deployments.
• Knowledge of DoD cybersecurity standards (e.g., NIST 800-53, DoD STIGs) and their application in cloud environments.
• Experience with security tools such as Trellix, Invicti, or Anchore for vulnerability management.
• Strong understanding of Azure services, including compute, storage, networking, and identity management, from a security perspective.
• Minimum SECRET clearance and a DoD 8570 IAM Level II certification (e.g., CISSP, CAP, or Security+ with relevant CE).
• Ability to work independently, prioritize tasks, and meet deadlines in a fast-paced environment.
• Excellent critical thinking, problem-solving, and communication skills for collaborating with technical and non-technical stakeholders.
• Proficiency in Microsoft Office applications (Word, Excel, PowerPoint, Outlook) for documentation and reporting.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience).

Preferred Qualifications:

• Experience in operational IT roles (e.g., systems administrator, operations lead, or security analyst) within DoD environments.
• Familiarity with DevSecOps practices, including securing CI/CD pipelines and GitHub Advanced Security tools (CodeQL, Dependabot, SBOM).
• Hands-on experience with Remedy for integrating security findings into ITSM workflows.
• Azure security certifications (e.g., Azure Security Engineer Associate, Microsoft Cybersecurity Architect).
• AWS or other cloud platform experience, demonstrating adaptability to multi-cloud environments.
• Familiarity with DoD enterprise architectures, particularly Navy or Marine Corps systems.
• Knowledge of software configuration management, release automation, or cloud migration processes from a security perspective.

Pay Range

$120k - $150k