Overview

Spathe is currently searching for a Information Systems Security Engineer (ISSE) to join our team in the Arlington, VA area.

Spathe Systems is a rapidly growing SOF led, 8(a) defense contractor headquartered in Tampa, FL with offices in Fayetteville, NC and strategic partner locations in Virginia Beach and Coronado. As a small business with a tight knit family feel, Spathe empowers its employees to solve problems and make decisions.

Responsibilities

• The ISSE will work as part of a team reviewing and assessing Risk Management Framework (RMF) authorization body of evidence for classified information systems, to include: System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Continuous Monitoring Plan, Incident Response Plan, Access Control Plan, Security Assessment Plan, etc.
• Review new and existing systems for technical compliance with IA directives and protection of data at all classification levels including SCI. Advise on in-depth security design review and threat/risk assessments.
• Provide inputs to technical artifacts, including Plans of Action and Milestones (POA&Ms), Security Control Traceability Matrices (SCTM), and Risk Assessment Reports (RARs).
• Conduct site visits and assessments to inspect IA plans and security control implementations and support Incident Response Team (IRT) activities.

Nice to haves: 

• Other Security related certification (Cloud, SIEM, forensics, Linux, Windows, etc)
• Experience working in a DevSecOps project environment.
• Formerly or currently a system administrator, developer, or engineer.
• Experience with OpenRMF, eMASS, MS Active Directory, Splunk, ACAS/Nessus, McAfee, Windows, Linux, AWS Security, etc.
• Strong verbal and written communication skills. Able to engage with users in a professional manner and present technical concepts plainly to semi-technical customers. Ability to interface with seasoned Government personnel.
• Ability to work in a matrixed team environment and support multiple different efforts as needed.
• Desire to learn new technologies and tools and willing to share your experience with the team
• JSIG or ICD 503 compliance

Qualifications

Must haves:

• DoD 8570 IAT Level II certification or higher (Sec , CISSP, CASP, etc.)
• Ability to support a hybrid work schedule with 2-3 days per week on-site (Arlington, VA)
• 5 years of implementing NIST 800-53, Rev 4 and the Risk Management Framework (RMF)
• 5 years of experience with Windows and Linux environments.
• 5 years of experience with virtualization or cloud environments.
• 2 years of using information security and assurance practices and principles.

Clearance Required:

• An active Secret and willingness to take a Polygraph if/when selected by the client

Job Type:

• Full Time 

Work Location:

• One location – Arlington, VA

Travel:

• Up to 10% travel during the year.

Benefits:

• Health insurance
• Dental insurance
• Retirement plan
• Paid time off
• 11 paid holidays per year

Position ID: JF01ISSE