Information Systems Security Engineer Level 2

Salary Range: 175000 to 196000 (Currency: USD) (Pay period: per-year-salary)

Responsibilities

• Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
• Validate and verify system security requirements definitions and analysis and establishes system security designs. 
• Design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements. 
• Build IA into systems deployed to operational environments. 
• Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.
• Support the building of security architectures. 
• Enforce the design and implementation of trusted relations among external systems and architectures. 
• Assess and mitigate system security threats/risks throughout the program life cycle. 
• Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations. 
• Review certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.
• Support security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering designs.

Apply system security engineering expertise in one or more of the following to:

• System security design process
• Engineering life cycle
• Information domain
• Cross-domain solutions
• Commercial off-the-shelf and government off-the-shelf cryptography
• Identification, authentication, and authorization
• System integration
• Risk management 
• Intrusion detection
• Contingency planning
• Incident handling
• Configuration control
• Change management, auditing, certification, and accreditation process
• Principles of IA (confidentiality, integrity, non¬ repudiation, availability, and access control)
• Security testing

Minimum Qualifications

• A minimum of 14 years of experience as an Information System Security Engineer (ISSE) on programs and contracts of similar scope, type, and complexity is required.
• A Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. 
• Note: Four (4) years of lSSE experience may be substituted for a Bachelor's degree.
• DoD 8570.01-M compliance with IASAE Level2 is required.
• A CISSP or CASP+ is required for this position.

Ability to perform the following job tasks:

• Participate as a security engineering representative on engineering teams for the design, development, implementation, and/or integration of secure networking, computing, and enclave environments.
• Participate as a security engineering representative on engineering teams for the design, development, implementation, and/or integration of IA architectures, systems, or system components.
• Participate as the primary security engineering representative on engineering teams for the design, development, implementation, evaluation, and/or integration of secure networking, computing, and enclave environments.
• Participate as the primary security engineering representative on engineering teams for the design, development, implementation, evaluation, and/or integration of IA architectures, systems, or system components.
• Support the Government in enforcing the design and implementation of trusted relationships among external systems and architectures.
• Apply knowledge of lA policy,  procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
• Support security planning, assessment, risk analysis, and risk management.
• Identify overall security requirements for the proper handling of Government data.
• Interact with the customer and other project team members.
• Perform system or network designs that encompass multiple enclaves, including those with differing data protection/classification requirements.
• Provide security planning, assessment, risk analysis, and risk management.
• Recommend system-level solutions to resolve security requirements.
• Support the Government in enforcing the design and implementation of trusted relationships among external systems and architectures.

Preferred Qualifications

• RMF/Risk Assessments, Network Architecture, Zero Trust, System Modeling (Cameo) a plus