Information Systems Security Engineer (ISSE)

Doral, FL, US

QBE LLC

POSSIBLE TO PROVEN Where some see problems, we see possibilities. QBE's unparalleled experience, in-depth insights and sought-after technical expertise allow us to mitigate mission-critical challenges into transformative solutions. Find Out...


Description

DESCRIPTION:

The Information Systems Security Engineer (ISSE) III is responsible for conducting comprehensive security assessments, including Federal Information Security Modernization Act (FISMA) reviews, to identify vulnerabilities and ensure compliance with relevant security standards and regulations.


KEY RESPONSIBILITIES:

  • Collaborate with various stakeholders across the organization to evaluate security controls, provide remediation guidance, and promote a secure IT environment
  • Lead and conduct comprehensive security assessments of information systems, applications, and infrastructure, including FISMA reviews
  • Evaluate the effectiveness of security controls and identify vulnerabilities
  • Analyze security risks and provide recommendations for mitigation
  • Develop and maintain security assessment methodologies and tools
  • Ensure compliance with FISMA requirements and guidelines
  • Develop and maintain FISMA documentation, including System Security Plans (SSPs), risk assessments, and continuous monitoring plans
  • Conduct FISMA audits and assessments
  • Provide guidance and support to system owners on FISMA compliance
  • Identify and analyze security vulnerabilities in systems and applications
  • Prioritize vulnerabilities based on risk and impact
  • Develop and implement remediation plans
  • Track and report on vulnerability remediation progress
  • Review and evaluate security architecture designs
  • Provide security guidance and recommendations to architects and engineers
  • Ensure that security controls are integrated into system designs
  • Collaborate with system owners, IT staff, and other stakeholders to conduct security assessments and implement remediation measures
  • Communicate effectively with technical and non-technical audiences
  • Provide security awareness training and guidance
  • Take direction from the Assessment Services Team Lead
  • Mentor and direct subordinate Assessment Services Team staff



Requirements

REQUIRED QUALIFICATIONS: 

  • BA/BS in Computer Science/Computer Engineering/Information Systems or closely related field (HS and 4 years of additional experience or AS and 2 years of additional experience may be exchanged in lieu of BA/BS)
  • 9 years total experience (Relevant Master’s Degree may be exchanged for 2 years’ experience credit or a relevant PhD may be exchanged for 4 years’ experience credit)
  • 5 years of position-specific relevant experience
  • Strong understanding of security frameworks, standards, and regulations, such as NIST, ISO 27001, and FISMA
  • Experience conducting vulnerability assessments and penetration testing
  • Knowledge of security technologies, such as firewalls, intrusion detection/prevention systems and security information and event management (SIEM) tools
  • Excellent analytical and problem-solving skills
  • Active CompTIA Security+ 
  • Active Certified Information Systems Security Professional (CISSP)
  • Active Certified Information Security Manager (CISM)
  • Ability to work independently and in an agile, collaborative team environment  
  • Active US Government Clearance at Secret level or higher 
  • Effective written and verbal communications skills for collaboration with both customers and fellow team members
  • Ability to sit for extended periods of time and regularly lift at least 25 pounds  
  • Ability to commute to the designated onsite work location as required

DESIRED ADDITIONAL QUALIFICATIONS: 

  • 7+ years of experience in information security, with a focus on security assessments and FISMA compliance
  • Experience in current authorization practices, particularly within the DoD
  • Experience with cloud security assessments
  • Knowledge of scripting or programming languages
  • Experience and/or certifications associated with RMF, ICD 503, NIST SP 800-53 or DCID 6/3; Windows, Linux, UNIX, Cisco, SQL or Oracle database, and virtualized systems certifications; Red Hat Enterprise Linux (RHEL) 7, ACAS, Tenable, and one or more SIEM certifications
  • Relevant certifications, such as CISSP, CISM, CISA, or CAP
  • Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Cloud Security Professional (CCSP), AWS Certified Security Specialty, Azure Security Engineer Associate, Certified in Risk and Information Systems Control (CRISC), ISO 27001 Lead Auditor
  • Master's degree in Computer Science/Computer Engineering/Information Systems or closely related field

QBE is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender, gender-identity and/or expression, age, disability, Veteran status, genetic information, pregnancy (including childbirth, lactation, or other related medical conditions), marital-status, neurodivergence, ethnicity, ancestry, caste, military/uniformed service-member status, or any other characteristic protected by applicable federal, state, local, or international law. 


Perks/benefits: Health care

Region: North America
Country: United States
