Information Systems Security Engineer

We are an employee-centric company that truly appreciates our team members and their value to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and fostering teams that are and continue to be technically proficient and technically capable across a comprehensive range of cyber mission areas. OneZero full-time employees receive an extremely competitive benefits package that includes health/dental/vision/life insurance plans, 401K with company matching, PTO & paid holidays, employee referral program, and educational assistance. Additional details can be found on our website at: https://www.onezerollc.com/careers/

Position Title: Information Systems Security Engineer

Location: Alexandria, VA

Clearance: Secret

Job Summary

• Lead efforts in identifying, implementing, and validating security controls and hardening requirements for web applications, databases, supporting infrastructure, and cloud hosting environments.
• Conduct comprehensive security assessments and perform prescribed continuous monitoring tasks. This includes identifying vulnerabilities and areas of non-compliance, as well as engineering and managing required remediation efforts.
• Serve as the engineering team's primary engagement point for the ISSO team in support of RMF Security Assessment and Authorization (SA&A) and Continuous Monitoring tasks
• Support the system ATO renewal effort by identifying, collecting, and creating required SA&A artifacts such as system drawings, local policies and plans, screenshots and extracts, STIG Checklists, and others as requested by the ISSO team.
• Stay current with evolving security threats, vulnerabilities, and industry best practices.
• Collaborate with ISSO and other DHS teams on incident response and remediation efforts.

Qualifications

• 8+ years of direct experience serving as an Information Systems Security Engineer (ISSE) within the DoD and/or other Federal agencies. USCG experience is a plus.
• Proven track record of success in designing, implementing, and maintaining secure IT systems, local security policies, and administrative procedures.
• Posses in-depth understanding of information security principles and best practices, including DoD STIG, NIST Cybersecurity Framework, Risk Management Framework, NIST System Security Engineering doctrine.
• Possess working knowledge of the DoD RMF Security Assessment methodology and tools like eMASS, NESSUS, and ACAS.
• Demonstrated experience in the application DoD STIG and SRG hardening requirements on Microsoft SQL and IIS servers, applications, and DB instances and sites.
• Strong familiarity with cloud hosting environments and service types (Azure, AWS, SaaS, PaaS, IaaS),
• Working knowledge of the FedRAMP and DoD Provisional Authorization and system Authorization to Operate (ATO) assessment activities and approval workflows.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to work independently and as part of a team in a fast-paced environment.

Requirements

• Active DoD Secret or higher security clearance
• DoD 8570 IAT Level II certification

OneZero Solutions, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access www.onezerollc.com/careers as a result of your disability.

To request an accommodation, please contact us at recruiting@onezerollc.com or call (202) 987-2580.