Information Systems Security Engineer (ISSE)
ECS Corporate Services

ECS is seeking an Information Systems Security Engineer (ISSE) to work in our Columbia, MD office. Please Note: This position is contingent upon contract award.

Job Description:

ECS is seeking an Information System Security Officer (ISSO) to work in Columbia, MD, with Current, active Top Secret security clearance with SCI and Poly eligibility.

An Information Systems Security Engineer (ISSE) is responsible for designing, implementing, and maintaining security measures to protect an organization's information systems and data assets from cybersecurity threats and vulnerabilities. Work closely with IT teams, management, and other stakeholders to ensure the confidentiality, integrity, and availability of sensitive information and critical infrastructure.

Key Responsibilities:

Security Architecture Design: Develop and implement secure information systems architectures, including networks, applications, databases, and cloud environments, to protect against cybersecurity threats and risks.

Risk Assessment and Management: Conduct risk assessments to identify vulnerabilities, assess threats, and develop risk mitigation strategies to minimize security risks and ensure the security posture of information systems.

Security Tool Implementation and Management: Deploy and manage security tools and technologies, such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, SIEM (Security Information and Event Management) systems, and encryption tools, to detect and prevent security incidents.

Incident Response and Management: Develop and implement incident response plans and procedures to effectively respond to security incidents and breaches, including detection, analysis, containment, eradication, and recovery.

Security Testing and Evaluation: Perform security testing, including penetration testing, vulnerability assessment, code review, and security audits, to identify and remediate security vulnerabilities in information systems.

Identity and Access Management (IAM): Design and implement IAM solutions, including user authentication, authorization, provisioning, de-provisioning, single sign-on (SSO), and privilege management, to ensure appropriate access control and user management.

Security Compliance and Standards: Ensure organizational compliance with regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI DSS, ISO 27001) through regular assessments, audits, and adherence to security policies and procedures.

Secure Configuration Management: Implement and maintain secure configurations for operating systems, applications, network devices, and cloud services to minimize security risks and vulnerabilities.

Security Awareness and Training: Provide security awareness training to employees to promote a culture of security and compliance and keep stakeholders informed about emerging threats and security best practices.

Collaboration and Communication: Collaborate with cross-functional teams, including IT, security, compliance, and business units, to address security concerns, communicate security risks, and provide security guidance to stakeholders.

Required Skills:

• U.S. Citizenship is required per contract
• Current, active Top-Secret security clearance with SCI and Poly eligibility.
• Bachelor degree in Computer Science, Information Systems, Engineering, or a similar field.
• Deep understanding of information security principles, concepts, and best practices, including encryption, authentication, access control, network security, and security protocols.
• Proficiency in conducting risk assessments, identifying vulnerabilities, assessing threats, and implementing risk mitigation strategies to protect information systems and data assets.
• Ability to design secure information systems architecture, including network infrastructure, applications, databases, and cloud environments, to ensure confidentiality, integrity, and availability.
• Create system authorization boundary diagrams encompassing traceability back to Hardware, Firmware, Software, and Ports, Protocols and Services (PPS) lists.
• Fill out the status of all security controls, enhancements, and control correlation identifiers (CCIs) in eMASS/XACTA.
• Tailor security controls out of NIST SP 800-53, revision 4/5 for the system.
• Develop a Security Assessment Plan (SAP) in accordance with the Navy Security Control Assessor (SCA) A&A Testing Guidance.
• Assess security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in accordance with the SAP.
• Build risk assessment report (RAR) incorporating all findings discovered in testing and documenting an analysis of each finding.
• Familiarity with secure software development lifecycle (SDLC) practices and methodologies, including threat modeling, secure coding practices, and code review techniques.
• Experience with security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, SIEM (Security Information and Event Management) systems, vulnerability scanners, and encryption tools.
• Knowledge of network security principles, protocols, and technologies, including VPNs, SSL/TLS, DNS security, network segmentation, and traffic analysis, to protect network infrastructure from cyber threats.
• Understanding of cloud security concepts, architectures, and best practices, including identity and access management (IAM), data encryption, secure configuration management, and incident response in cloud environments.
• Proficiency in designing and implementing Identity and Access Management (IAM) solutions, including user authentication, authorization, provisioning, de-provisioning, single sign-on (SSO), and privilege management.
• Familiarity with regulatory requirements and industry standards (e.g., GDPR, NIST, ISO 27001) and the ability to ensure organizational compliance with these requirements.
• Knowledge of incident response procedures, including detection, analysis, containment, eradication, and recovery, to effectively respond to security incidents and breaches.
• Experience with security testing methodologies and tools, including penetration testing, vulnerability assessment, code review, and security audits, to identify and remediate security vulnerabilities.
• Understanding of encryption algorithms, cryptographic protocols, and key management principles to protect sensitive data at rest, in transit, and in use.
• Ability to implement and maintain secure configurations for operating systems, applications, network devices, and cloud services to minimize security risks and vulnerabilities.
• Current DOD 8570 IAM Level 2 or IASAE Level 1.
• Solid Microsoft Excel, Word, and Power Point skills.
• Personal Qualities:
  • Possess excellent oral and written communication skills for large government audiences and internal executive teams.
  • Customer-service focused and career/growth-oriented.
  • Ability to learn and adapt to changing information and environments.
  • Promote a team environment with positive attitude.
  • Interact and coordinate with senior government officials within and outside of the organization.
  • Outstanding attention to detail.
  • Initiative-taking and a self-starter.
  • Exceptional professionalism in challenging and demanding environments.

Desired Skills:

• Deep understanding of information security principles, concepts, and best practices.
• Ability to conduct comprehensive risk assessments, identify vulnerabilities, assess threats, and develop risk mitigation strategies.
• Proficiency in designing secure and resilient information systems architectures, including networks, applications, databases, and cloud environments.
• Researched and evaluated emerging security trends and issues to assist customers in improving the security posture of the organization.
• Understanding of cloud security concepts, architectures, and best practices, including identity and access management, data encryption, and secure configuration management in cloud environments.
• Researched web application firewall (WAF) technology limitations and advised development teams on remediation of vulnerabilities not covered by WAF security policies.
• Experience in designing and implementing Identity and Access Management (IAM) solutions, including user authentication, authorization, and privilege management.
• Knowledge of encryption algorithms, cryptographic protocols, and key management principles to protect data at rest, in transit, and in use.
• Proficiency in security testing methodologies, including penetration testing, vulnerability assessment, code review, and security audits.
• Ability to develop and implement incident response plans and procedures, including detection, analysis, containment, eradication, and recovery from security incidents.
• A deep understanding of enterprise operating systems.
• Knowledge of programming languages and tools.

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

General Description of Benefits

This job has expired.