What are the responsibilities and job description for the Information System Security Engineer (ISSE) III position at StratasCorp Technologies?
Duties
Our team has an immediate need for an Information System Security Engineer (ISSE) III. The Information System Security Engineer (ISSE) will assist with the developing, maintaining, and tracking Risk Management Framework (RMF) system security plans which include System Categorization Forms, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M). The contractor shall provide cybersecurity support for the Code 104 Information Technology Operations Division in the area of Information System Security Engineer (ISSE) support. These duties include, but are not limited to:
Our team has an immediate need for an Information System Security Engineer (ISSE) III. The Information System Security Engineer (ISSE) will assist with the developing, maintaining, and tracking Risk Management Framework (RMF) system security plans which include System Categorization Forms, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M). The contractor shall provide cybersecurity support for the Code 104 Information Technology Operations Division in the area of Information System Security Engineer (ISSE) support. These duties include, but are not limited to:
- Assessment & Authorization (A&A)
- Cybersecurity Compliance and Audit Readiness
- Information Assurance Vulnerability Management (IAVM)
- Vulnerability Scanning and Remediation
- Application and Implementation of Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs)
- Execute the RMF process in support of obtaining and maintaining Interim Authority to Test (IATT), AO approval, Authorization to Operate (ATO), and Denial of Authorization to Operate (DATO)
- Identify and tailor IT and CS security control baselines based on RMF guidelines and categorization of the RMF boundary. Perform Ports, Protocols, and Services Management (PPSM). Perform IT and CS vulnerability-level risk assessments
- Execute security control testing as required by a risk assessment or annual security review (ASR)
- Mitigate and remediate IT and CS system level vulnerabilities for all assets within the boundary per STIG requirements
- Develop and maintain Plans of Actions and Milestones (POA&M) in Enterprise Mission Assurance Support Service (eMASS)
- Seven (7) years professional experience capturing and refining information security operational and security requirements, and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations
- Bachelor’s degree in computer science, information technology, or an equivalent technical degree from an accredited college or university
- IAT-III certification (any of the following):
- CASP CE
- CCNP Security
- CISA
- CISSP (or Associate)
- JGCED
- GCIH
- CCSP)