Information Systems Security Engineer (ISSE)

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Candidates MUST have be a US Citizen with an active Top Secret clearance for consideration (TS/SCI with Poly is preferred). This position is not remote; work is 100% onsite in Springfield, VA.

The Information Systems Security Engineer (ISSE) supports the Information Technology (IT) Engineering team within the Systems Engineering and Architecture Services (SEAS) division as the Subject Matter Expert (SME) in the System Security Engineering (SSE), Cyber Resiliency, and the overall information system security engineering processes. The ISSE works directly with the Activity’s Information Security Architect (ISA), Enterprise Architects, and Systems Engineers (SEs) to ensure that SSE and Cyber Resiliency objectives, techniques, approaches, and design principles are fully represented and included in all systems engineering and development efforts. The ISSE's involvement is ever present throughout the systems development life cycle (SDLC) to include requirements definition, design, engineering, implementation, testing, validation, verification, continuous monitoring, and on-going vulnerability remediation for all information systems under the cognizance of the Activity's Chief Information Officer (CIO). The ISSE is ultimately responsible for protecting the CIO's information systems from unauthorized system activity or behavior to provide confidentiality, integrity, and availability.

Responsibilities of the ISSE include, but are not limited to:

• Discover Information System Protection Needs through analyzing the Activity's mission; identifying legal and regulatory requirements; identify classes of threats; determining impacts against risk; identifying security services; documenting the protection needs; and identifying design constraints.
• Define System Security Requirements by developing the system security context, Security Concept of Operations {CONOPs), and Security Requirements Baselines from the gathered Customer and Stakeholder requirements.
• Design System Security Architecture by working with SEs in areas of functional analysis and allocation by analyzing candidate architectures, allocating security services, and selecting security mechanisms. The ISSE identifies components or elements, allocates security functions to those elements, and describes the relationships between the elements.
• Develop Detailed Security Design by analyzing design constraints, analyzing trade-offs, generating detailed system and security design, with life-cycle support consideration.
• Implement System Security from the hands-on approach to participation in a multidisciplinary examination of all systems issues that provides input to the Certification and Accreditation(C&A) process activities.
• Assess Information Protection Effectiveness by focusing on the effectiveness of the information protection whether the system can provide confidentiality, integrity, availability, authentication, and nonrepudiation for the information it is processing that is required for mission success.
• Evaluate Commercial off the Shelf (COTS} and Government off the Shelf (GOTS} technologies - systems, applications, and services - against the Activity's INFOSEC and Cybersecurity requirements and needs.
• Conduct INFOSEC and Cybersecurity assessment testing and reporting in accordance with the RMF and NIST 800 53; identifies deficiencies and documents them as Plans of Actions and Milestones (POA&Ms) and provides recommendations for solutions in line with best practices and security industry standards.
• Supports the A&E SEs in the implementation, testing, and operational control (OPCON) transfer of INFOSEC and Cybersecurity related solutions the Activity's respective IT Operations and Maintenance (ITOM) teams.
• Support the Activity's IT Change Management process by performing technical reviews of proposed and planned changes from the context of INFOSEC and Cybersecurity to identify risks and threats and support the remediation or mitigation prior to implementation.
• Provides SME consulting services and escalated support to all aspects and groups of the Activity's IT organization, Stakeholders, and customer base in the specialty focus of SSE and Cyber Resiliency.
• Provides mentorship and on the job training (OJT) to junior and/or lesser experienced personnel.

Qualifications

• Shall be Comp TIA Advanced Security Practitioner (CASP+) or ISC2 Certified Information Systems Security Professional (CISSP) (or Associate) certified.
• Shall have 7 or more years of progressive experience successfully leading the employment of SSE techniques, methodologies, processes, and practices to securely architect, design, engineer, implement, test, validate, verify, and deliver a variety of enterprise-grade IT solutions across multi-platform (i.e., Microsoft and *nix based) information systems in a secure manner.
• Shall have 5 or more years of progressive experiencing personally driving Customer and Stakeholder system security requirements gathering exercises to discover, capture, analyze, and decompose the information protection needs such that formal system security requirements can be developed.
• Shall have 5 or more years of experience in ingesting INFOSEC and Cybersecurity risks and threats, categorizing and classifying the risk and threat, evaluating remediation and mitigation alternatives, proposing, and defending your recommendation, implementing the final remediation, and testing and verifying the implemented remediation/mitigation addresses the identified threat to a Customer acceptable level.
• Shall have 5 or more years of experiencing with supporting SSE activities in secure processing environments which must adhere to U.S. Government (USG) Information Assurance and Security standards such as the Defense Information Systems Agency (DISA) Security
• Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs).
• Shall have 3 or more years of hands-on experiencing using common INFOSEC and Cybersecurity tools in direct support of USG and Department of Defense (DOD) security and compliance efforts such as Tenable Nessus and Security Center, McAfee ePolicy Orchestrator (ePO), DISA's Security Compliance Checker (SCC) and Security Content Automation Protocol (SCAP) content.
• Shall meet the minimum credential requirements for a Cyber IT/Cybersecurity Workforce (CSWF) position as defined in Section 6, Table 3.

Desired Qualifications:

• Strongly desired to be ISC2 CISSP - Information Systems Security Engineering Professional (ISSEP) certified.
• Technical certifications in industry standard enterprise level operating systems (OS), applications and technologies such as Microsoft, Nutanix, Red Hat, Splunk, and VMware are a plus.
• Demonstrated experience employing Cyber resiliency engineering practices to include the methods, processes, modeling, and analytical techniques use to identify and analyze proposed cyber resiliency solutions.
• Demonstrated experience working with the and securing current Microsoft technologies such as Active Directory Domain Services, Windows, Windows Server, Exchange, SQL Server, and IIS Server.
• Demonstrated experience working with and securing current Red Hat technologies such as Red Hat Enterprise Linux, Satellite, Kickstart, and Ansible.
• Demonstrated experience leveraging scripting (e.g., PowerShell, Python) and/or technologies (e.g., Ansible, Chef, Puppet, PowerShell Desired State Configuration (DSC) to automate the implementation, testing, verification, validation, and monitoring of system security configurations.
• Demonstrated experience working with McAfee ePolicy Orchestrator and other enterprise-level McAfee products (Endpoint Security (ENS), Management for Optimized Virtual Environments (MOVE), VirusScan Enterprise for Storage (VSES), etc.) to secure USG DOD multi-platform information systems.
• Demonstrated experience working with DevSecOps Engineers, Software Developers, and Software Engineers and a combination of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to secure application and coding practices.
• Demonstrated experience working closely with Information System Security Officers (ISSOs) to support inspection, investigation, validation, and C&A activities.
• Experienced directly supporting the DoDI 8510.01, Risk Management Framework (RMF) for Department of Defense (DOD) IT.
• Familiarity with National Institute of Standards and Technology (NIST) Special Publication 800- 160 Volume 1: Systems Security Engineering.
• Familiarity with NIST Special Publication 800-160 Volume 2: Developing Cyber Resilient Systems.
• Familiarity with the NSA Information Assurance Technical Framework (IATF).

Requests for reasonable accommodations will be considered to enable individuals with disabilities to perform the principal (essential) functions of this job.

Security Clearance

• This position requires U.S. Citizenship and an active DoD TS/SCI clearance with the ability to obtain a CI Poly.

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 700 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,000 Enterprise-Level customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.  

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• 100% employer-paid medical and dental premiums with generous employer family contributions
• 11 corporate holidays in 2022 (12 in 2023) and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Care plan