What are the responsibilities and job description for the INFORMATION SYSTEM SECURITY ENGINEER (Must have TS/SCI w/CI Poly Clearance) position at NorthHill Technology?
One of our premier clients has an immediate need for a full-time Information System Security Engineer (ISSE) to work on-site at their headquarters location in Fairfax, VA. A successful candidate must have a TS/SCI w/CI Poly clearance to be considered for this position.
Job Description: Seeking an Information System Security Engineer (ISSE). The role of the ISSE is to
bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding of the cybersecurity policies and
procedures for Government (DoD, Intelligence Community) sectors information systems and sufficient
technical knowledge and experience to implement them. The ISSE will work closely and effectively
with the Information System Security Manager (ISSM) ISSM, and the Program Manger on all aspects of
their development and implementation programs. Candidates should have in-depth understanding of the
cybersecurity policies and procedures for Government sector information systems and sufficient
technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they
work towards accreditation and then to maintain the accreditation. The candidate will contribute to
the team’s successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and
related documentation such as security concept of operations, systems security plans, security
control assessments, contingency plans, configuration management plans, incident response plans,
plan of actions and milestones, risk management plans, vulnerability and compliance scanning,
and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will
be supporting a larger team of developers, engineers, and analysts all charged with expanding,
operating, and maintaining information systems built upon hundreds of Linux instances on virtual
and bare metal hardware. Team responsibilities include Linux system build automation, network
architecture and implementation, all facets of cyber security compliance, deployment and management
of core subsystems and services such as DNS, FreeIPA, email, Jira, Elastic Stack, VMware, Veeam.
The team also maintains a small number of Windows systems. The ISSE will assume responsibility for
ICD-503 RMF process for these multiple information systems including patching, scans, reports,
documentation, coordinating plans of actions and milestones, audit log reviews and other related
duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet
program needs. Candidate must possess the ability to communicate effectively and be flexible,
adaptable, and willing to take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and
will be expected to cross train and support other areas as needed. Superior attention to detail is
required. Must exhibit positive attitude and good customer service skills in sometimes stressful
situations, such as during outage troubleshooting and resolution.
Required Skills:
• Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence
Community (IC) customers, which includes developing and reviewing security concept of operations,
systems security plans, security control assessments, contingency plans, configuration management
plans, incident response plans, plan of actions and milestones, risk management plans,
vulnerability and compliance scanning, and/or vulnerability management plans. Must have significant
expertise in ICD- 503 C&A process and documentation preparation.
• Security engineering experience; which includes systems engineering principles, configuration
management, supply chain, requirements analysis, system development (software and hardware);
network security architecture concepts (topology, protocols, components); and/or IT security
principles and methods (firewalls, demilitarized zones, encryption).
• Required experience with ICD-503 security frameworks to include C&A process and documentation
preparation. Also desired is experience in NIST SP 800-37, CNSS publications, and other Risk
Management Framework (RMF) processes.
• Experience providing continuous monitoring support for information systems to include expertise
in USG security compliance processes, scan tools and systems (NESSUS, NMAP, Rapid7, WebInspect,
AppDetective, Nipper, ICD-503 RMF, SNOW)
• Advanced problem solving skills: able to use prior experience and knowledge to address new
situations; especially during interactions with clients.
• Experience providing assistance to A&A test and evaluation activities.
• Demonstrated advanced analytical skills: able to use prior experience and knowledge to
seamlessly incorporate new knowledge or information during client interactions.
• Demonstrated ability to work seamlessly with the program and development team to be able to
communicate security practices from the development requirements
• Be able to evaluate proposed security architectures and designs and provide input as to the
adequacy of those security designs to meet required security compliance objectives
• Security certification (Security or CISSP)
Desired Skills:
• Proficiency with Windows and Red Hat Linux/Unix environments to include Red Hat Certified System
Engineer (RHCSE) or equivalent skills. 5 years’ experience as Linux system engineer/admin
• Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent
skills and experience
• Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system
administration and file management
• Experience with Puppet, Ansible, and/or Foreman
• Experience with SNOW and ServiceNow
• Experience configuring, securing, managing and troubleshooting Linux/Unix systems
• Familiar with source code control tools such as: git, gitlab, cvs, svn
• Experience with log aggregation tools used for audit log purposes from all sources, including
Linux and Windows systems, Networking equipment, and applications
• Experience with public key infrastructure (PKI), secure shell (ssh) configuration and
troubleshooting, sssd, httpd
• Experience with Amazon Web Services or other cloud technologies
• Experience deploying SAN storage preferably from IBM (GPFS)
• Experience bootstrapping HPE servers, configuring storage, iLO
• Experience deploying enterprise monitoring tools such as Grafana
• Experience with VMware VSAN, vCenter, replication, Veeam backup integration
• Experience with relational database technologies such as Oracle and MySQL
• Advanced writing skills: able to clearly articulate ideas for executive level as well as
technical staff consumption
Education and Experience:
• Bachelor’s Degree in Computer Science, Information Technology, related field, plus 10 years
of experience is desired.
Job Description: Seeking an Information System Security Engineer (ISSE). The role of the ISSE is to
bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding of the cybersecurity policies and
procedures for Government (DoD, Intelligence Community) sectors information systems and sufficient
technical knowledge and experience to implement them. The ISSE will work closely and effectively
with the Information System Security Manager (ISSM) ISSM, and the Program Manger on all aspects of
their development and implementation programs. Candidates should have in-depth understanding of the
cybersecurity policies and procedures for Government sector information systems and sufficient
technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they
work towards accreditation and then to maintain the accreditation. The candidate will contribute to
the team’s successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and
related documentation such as security concept of operations, systems security plans, security
control assessments, contingency plans, configuration management plans, incident response plans,
plan of actions and milestones, risk management plans, vulnerability and compliance scanning,
and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will
be supporting a larger team of developers, engineers, and analysts all charged with expanding,
operating, and maintaining information systems built upon hundreds of Linux instances on virtual
and bare metal hardware. Team responsibilities include Linux system build automation, network
architecture and implementation, all facets of cyber security compliance, deployment and management
of core subsystems and services such as DNS, FreeIPA, email, Jira, Elastic Stack, VMware, Veeam.
The team also maintains a small number of Windows systems. The ISSE will assume responsibility for
ICD-503 RMF process for these multiple information systems including patching, scans, reports,
documentation, coordinating plans of actions and milestones, audit log reviews and other related
duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet
program needs. Candidate must possess the ability to communicate effectively and be flexible,
adaptable, and willing to take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and
will be expected to cross train and support other areas as needed. Superior attention to detail is
required. Must exhibit positive attitude and good customer service skills in sometimes stressful
situations, such as during outage troubleshooting and resolution.
Required Skills:
• Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence
Community (IC) customers, which includes developing and reviewing security concept of operations,
systems security plans, security control assessments, contingency plans, configuration management
plans, incident response plans, plan of actions and milestones, risk management plans,
vulnerability and compliance scanning, and/or vulnerability management plans. Must have significant
expertise in ICD- 503 C&A process and documentation preparation.
• Security engineering experience; which includes systems engineering principles, configuration
management, supply chain, requirements analysis, system development (software and hardware);
network security architecture concepts (topology, protocols, components); and/or IT security
principles and methods (firewalls, demilitarized zones, encryption).
• Required experience with ICD-503 security frameworks to include C&A process and documentation
preparation. Also desired is experience in NIST SP 800-37, CNSS publications, and other Risk
Management Framework (RMF) processes.
• Experience providing continuous monitoring support for information systems to include expertise
in USG security compliance processes, scan tools and systems (NESSUS, NMAP, Rapid7, WebInspect,
AppDetective, Nipper, ICD-503 RMF, SNOW)
• Advanced problem solving skills: able to use prior experience and knowledge to address new
situations; especially during interactions with clients.
• Experience providing assistance to A&A test and evaluation activities.
• Demonstrated advanced analytical skills: able to use prior experience and knowledge to
seamlessly incorporate new knowledge or information during client interactions.
• Demonstrated ability to work seamlessly with the program and development team to be able to
communicate security practices from the development requirements
• Be able to evaluate proposed security architectures and designs and provide input as to the
adequacy of those security designs to meet required security compliance objectives
• Security certification (Security or CISSP)
Desired Skills:
• Proficiency with Windows and Red Hat Linux/Unix environments to include Red Hat Certified System
Engineer (RHCSE) or equivalent skills. 5 years’ experience as Linux system engineer/admin
• Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent
skills and experience
• Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system
administration and file management
• Experience with Puppet, Ansible, and/or Foreman
• Experience with SNOW and ServiceNow
• Experience configuring, securing, managing and troubleshooting Linux/Unix systems
• Familiar with source code control tools such as: git, gitlab, cvs, svn
• Experience with log aggregation tools used for audit log purposes from all sources, including
Linux and Windows systems, Networking equipment, and applications
• Experience with public key infrastructure (PKI), secure shell (ssh) configuration and
troubleshooting, sssd, httpd
• Experience with Amazon Web Services or other cloud technologies
• Experience deploying SAN storage preferably from IBM (GPFS)
• Experience bootstrapping HPE servers, configuring storage, iLO
• Experience deploying enterprise monitoring tools such as Grafana
• Experience with VMware VSAN, vCenter, replication, Veeam backup integration
• Experience with relational database technologies such as Oracle and MySQL
• Advanced writing skills: able to clearly articulate ideas for executive level as well as
technical staff consumption
Education and Experience:
• Bachelor’s Degree in Computer Science, Information Technology, related field, plus 10 years
of experience is desired.
