Jun 12
Intel Agency (NSA, CIA, FBI, etc)
Senior Level Career (10+ yrs experience)
Occasional travel
CI Polygraph
IT - Security
Fairfax, VA (On-Site/Office)•Greenwood Village, CO (On-Site/Office)
Information System Security Engineer
Fairfax, VA or Greenwood Village, CO
Job Description: Seeking an Information System Security Engineer (ISSE). The role of the ISSE is to bridge the gap
between high level security policies/requirements and technical/operational implementation of those
requirements. Candidates should have in-depth understanding of the cybersecurity policies and procedures for
Government (DoD, Intelligence Community) sectors information systems and sufficient technical knowledge and
experience to implement them. The ISSE will work closely and effectively with the Information System Security
Manager (ISSM) ISSM, and the Program Manger on all aspects of their development and implementation
programs. Candidates should have in-depth understanding of the cybersecurity policies and procedures for
Government sector information systems and sufficient technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they work
towards accreditation and then to maintain the accreditation. The candidate will contribute to the team’s
successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation
such as security concept of operations, systems security plans, security control assessments, contingency plans,
configuration management plans, incident response plans, plan of actions and milestones, risk management
plans, vulnerability and compliance scanning, and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will be
supporting a larger team of developers, engineers, and analysts all charged with expanding, operating, and
maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware.
Team responsibilities include Linux system build automation, network architecture and implementation, all
facets of cyber security compliance, deployment and management of core subsystems and services such as DNS,
FreeIPA, email, Jira, Elastic Stack, VMware, Veeam. The team also maintains a small number of Windows
systems. The ISSE will assume responsibility for ICD-503 RMF process for these multiple information systems
including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log
reviews and other related duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet program
needs. Candidate must possess the ability to communicate effectively and be flexible, adaptable, and willing to
take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and will be
expected to cross train and support other areas as needed. Superior attention to detail is required. Must exhibit
positive attitude and good customer service skills in sometimes stressful situations, such as during outage
troubleshooting and resolution.
Required Skills:
Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence
Community (IC) customers, which includes developing and reviewing security concept of operations,
systems security plans, security control assessments, contingency plans, configuration management
1
, plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and
compliance scanning, and/or vulnerability management plans. Must have significant expertise in ICD-
503 C&A process and documentation preparation.
Security engineering experience; which includes systems engineering principles, configuration
management, supply chain, requirements analysis, system development (software and hardware);
network security architecture concepts (topology, protocols, components); and/or IT security principles
and methods (firewalls, demilitarized zones, encryption).
Required experience with ICD-503 security frameworks to include C&A process and documentation
preparation. Also desired is experience in NIST SP 800-37, CNSS publications, and other Risk
Management Framework (RMF) processes.
Experience providing continuous monitoring support for information systems to include expertise in
USG security compliance processes, scan tools and systems (NESSUS, NMAP, Rapid7, WebInspect,
AppDetective, Nipper, ICD-503 RMF, SNOW)
Advanced problem solving skills: able to use prior experience and knowledge to address new situations;
especially during interactions with clients.
Experience providing assistance to A&A test and evaluation activities.
Demonstrated advanced analytical skills: able to use prior experience and knowledge to seamlessly
incorporate new knowledge or information during client interactions.
Demonstrated ability to work seamlessly with the program and development team to be able to
communicate security practices from the development requirements
Be able to evaluate proposed security architectures and designs and provide input as to the adequacy of
those security designs to meet required security compliance objectives
Security certification (Security+ or CISSP)
Desired Skills:
Proficiency with Windows and Red Hat Linux/Unix environments to include Red Hat Certified System
Engineer (RHCSE) or equivalent skills. 5+ years’ experience as Linux system engineer/admin
Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent skills and
experience
Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system administration
and file management
Experience with Puppet, Ansible, and/or Foreman
Experience with SNOW and ServiceNow
Experience configuring, securing, managing and troubleshooting Linux/Unix systems
Familiar with source code control tools such as: git, gitlab, cvs, svn
Experience with log aggregation tools used for audit log purposes from all sources, including Linux and
Windows systems, Networking equipment, and applications
Experience with public key infrastructure (PKI), secure shell (ssh) configuration and troubleshooting,
sssd, httpd
Experience with Amazon Web Services or other cloud technologies
Experience deploying SAN storage preferably from IBM (GPFS)
2
, Experience bootstrapping HPE servers, configuring storage, iLO
Experience deploying enterprise monitoring tools such as Grafana
Experience with VMware VSAN, vCenter, replication, Veeam backup integration
Experience with relational database technologies such as Oracle and MySQL
Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff
consumption
Education and Experience:
Bachelor’s Degree in Computer Science, Information Technology, related field, plus 10 years of
experience is desired.
3
Fairfax, VA or Greenwood Village, CO
Job Description: Seeking an Information System Security Engineer (ISSE). The role of the ISSE is to bridge the gap
between high level security policies/requirements and technical/operational implementation of those
requirements. Candidates should have in-depth understanding of the cybersecurity policies and procedures for
Government (DoD, Intelligence Community) sectors information systems and sufficient technical knowledge and
experience to implement them. The ISSE will work closely and effectively with the Information System Security
Manager (ISSM) ISSM, and the Program Manger on all aspects of their development and implementation
programs. Candidates should have in-depth understanding of the cybersecurity policies and procedures for
Government sector information systems and sufficient technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they work
towards accreditation and then to maintain the accreditation. The candidate will contribute to the team’s
successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation
such as security concept of operations, systems security plans, security control assessments, contingency plans,
configuration management plans, incident response plans, plan of actions and milestones, risk management
plans, vulnerability and compliance scanning, and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will be
supporting a larger team of developers, engineers, and analysts all charged with expanding, operating, and
maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware.
Team responsibilities include Linux system build automation, network architecture and implementation, all
facets of cyber security compliance, deployment and management of core subsystems and services such as DNS,
FreeIPA, email, Jira, Elastic Stack, VMware, Veeam. The team also maintains a small number of Windows
systems. The ISSE will assume responsibility for ICD-503 RMF process for these multiple information systems
including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log
reviews and other related duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet program
needs. Candidate must possess the ability to communicate effectively and be flexible, adaptable, and willing to
take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and will be
expected to cross train and support other areas as needed. Superior attention to detail is required. Must exhibit
positive attitude and good customer service skills in sometimes stressful situations, such as during outage
troubleshooting and resolution.
Required Skills:
Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence
Community (IC) customers, which includes developing and reviewing security concept of operations,
systems security plans, security control assessments, contingency plans, configuration management
1
, plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and
compliance scanning, and/or vulnerability management plans. Must have significant expertise in ICD-
503 C&A process and documentation preparation.
Security engineering experience; which includes systems engineering principles, configuration
management, supply chain, requirements analysis, system development (software and hardware);
network security architecture concepts (topology, protocols, components); and/or IT security principles
and methods (firewalls, demilitarized zones, encryption).
Required experience with ICD-503 security frameworks to include C&A process and documentation
preparation. Also desired is experience in NIST SP 800-37, CNSS publications, and other Risk
Management Framework (RMF) processes.
Experience providing continuous monitoring support for information systems to include expertise in
USG security compliance processes, scan tools and systems (NESSUS, NMAP, Rapid7, WebInspect,
AppDetective, Nipper, ICD-503 RMF, SNOW)
Advanced problem solving skills: able to use prior experience and knowledge to address new situations;
especially during interactions with clients.
Experience providing assistance to A&A test and evaluation activities.
Demonstrated advanced analytical skills: able to use prior experience and knowledge to seamlessly
incorporate new knowledge or information during client interactions.
Demonstrated ability to work seamlessly with the program and development team to be able to
communicate security practices from the development requirements
Be able to evaluate proposed security architectures and designs and provide input as to the adequacy of
those security designs to meet required security compliance objectives
Security certification (Security+ or CISSP)
Desired Skills:
Proficiency with Windows and Red Hat Linux/Unix environments to include Red Hat Certified System
Engineer (RHCSE) or equivalent skills. 5+ years’ experience as Linux system engineer/admin
Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent skills and
experience
Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system administration
and file management
Experience with Puppet, Ansible, and/or Foreman
Experience with SNOW and ServiceNow
Experience configuring, securing, managing and troubleshooting Linux/Unix systems
Familiar with source code control tools such as: git, gitlab, cvs, svn
Experience with log aggregation tools used for audit log purposes from all sources, including Linux and
Windows systems, Networking equipment, and applications
Experience with public key infrastructure (PKI), secure shell (ssh) configuration and troubleshooting,
sssd, httpd
Experience with Amazon Web Services or other cloud technologies
Experience deploying SAN storage preferably from IBM (GPFS)
2
, Experience bootstrapping HPE servers, configuring storage, iLO
Experience deploying enterprise monitoring tools such as Grafana
Experience with VMware VSAN, vCenter, replication, Veeam backup integration
Experience with relational database technologies such as Oracle and MySQL
Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff
consumption
Education and Experience:
Bachelor’s Degree in Computer Science, Information Technology, related field, plus 10 years of
experience is desired.
3
group id: 10196689
