Information Systems Security Engineer (ISSE)

Tasks

• Apply IAVA and CTO tasking
• Certify security controls and countermeasures
• Conduct RMF steps 1 to 4 assessments
• Conduct security evaluations, audits, and reviews
• Coordinate IAVM and CTO programs
• Create security documentation
• Develop POA and M artifacts
• Develop configuration management policies
• Enforce restricted access area security requirements
• Generate scorecards and inventories
• Implement risk management framework
• Inspect physical security requirements for secure areas
• Investigate rogue devices
• Maintain Assess and Authorization packages
• Maintain POA and M logs
• Maintain RMF step 6 continuous monitoring
• Maintain SIPRNet account information
• Maintain accreditation status in eMASS
• Manage HBSS
• Manage INFOSEC training
• Manage VRAM
• Manage user accounts and access approvals
• Monitor system software and hardware changes
• Monitor user training certificates
• Perform ACAS scans
• Perform SRG compliance scans
• Perform STIG compliance scans
• Perform discovery scans
• Perform quarterly STIG verification
• Perform vulnerability scanning
• Provide PKI and CAC support
• Provide security compliance and risk mitigation support
• Support ATO and ATC for systems
• Support Assured Compliance Assessment Solution scanning
• Update eMASS documentation
• Update hardware lists and diagrams in eMASS
• Update ports protocols and services lists

Perks/Benefits

• 401k
• Dental insurance
• Disability insurance
• Health insurance
• Life insurance
• Professional training reimbursement

Skills/Tech-stack

ACAS | Access Control | Assured compliance assessment solution | Business Continuity | CAC | CTO | Common Access Card | Configuration Management | Continuous Monitoring | EMASS | HBSS | IAVA | Incident Handling | Information security | Log Management | Management Framework | Network Diagrams | PKI | Ports protocols | Ports, Protocols, and Services | RMF | Risk Management | Risk Management Framework | SIPRNet | SRG | STIG | Security Compliance | Security Testing | Security auditing | Security controls | Threat and Vulnerability | Threat and Vulnerability Management | VRAM | Vulnerability Management | Vulnerability scanning