Information Systems Security Engineer Job Description
Information Systems Security Engineer Duties & Responsibilities
To write an effective information systems security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included information systems security engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Systems Security Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Systems Security Engineer
List any licenses or certifications required by the position: CISSP, SSP, POA&M, ATC, ATO, DOD, NSA, ISC, SANS, FIPS
Education for Information Systems Security Engineer
Typically a job would require a certain level of education.
Employers hiring for the information systems security engineer job most commonly prefer that their future employee have a relevant degree, such as Bachelor's and University Degree in Computer Science, Engineering, Information Assurance, Information Security, Technical, Information Systems Security, Government, Management, Electrical Engineering, Information Technology.
Skills for Information Systems Security Engineer
Desired skills for information systems security engineer include:
Desired experience for information systems security engineer includes:
Information Systems Security Engineer Examples
Information Systems Security Engineer Job Description
- Maintain system patches
- Assess potential risks, mitigation measures, residual risks, and provide a recommendation to the Government for approval or disapproval
- Facilitate and manage security vulnerability assessments and penetration tests
- Plan and oversee configuration changes for major security infrastructure platforms
- Lead the technical aspects of internal security audits and investigations
- Represent the program's technical security interests with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of technical information and best practices in information security
- Manage and maintain a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues
- Primary responsibilities will be in facilitating the collection, audit and submission of required deliverables through the Certification and Accreditation (C&A) process
- This person will also be the "Action Officer Liaison" to Engineering, tracking and reporting on DIACAP packages as they move through accreditation
- Support the Engineers with information assurance compliance tracking and analysis
- ITIL Foundations certification is desired
- Candidate must demonstrate a strong understanding of Windows security, virtualization security, and process experience with DoD certification processes
- Candidate must possess a CISSP or equivalent IA certification, and a Cisco CCNA Security or equivalent
- Candidate must demonstrate a strong understanding of Windows security, virtualization security, network security and process experience with DoD certification processes
- Recent experience creating and updating C&A packages (DIACAP and/or RMF)
- DoD 8570 compliance with IASAE Level 2
Information Systems Security Engineer Job Description
- Present technical documents to internal and external customers
- C&A activities account for 50% of the workload for Engineering Support at a rate of 15 solutions per week
- Lead System Security Engineering (SSE) and Cybersecurity/IA efforts by establishing or validating the system boundary in describing the IS, its functions, information types, operating environments, and security requirements
- Capture and refine information security requirements and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)
- Employ best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
- Conduct security control assessments
- Coordinate the system security related activities with ISOs, ISSMs and CCPs
- Represent IA in the configuration management process
- Plan and conduct annual and/or ad hoc vulnerability scanning and security control assessments at customer sites to ensure compliance with Authorizing Official requirements (Continuous monitoring)
- Participate in proposal efforts containing Cybersecurity/IA-related SOW/tasks to address scope, capability, cost, schedule, and resources
- Must have CEH (Certified Ethical Hacker) Certification
- Utilize engineering principles and experience to prepare engineering drawings, technical bases, engineering change notices, work requests, equipment specifications, purchase requisitions, and engineering transmittals, as necessary to accomplish assigned tasks
- Be comfortable interfacing with military and civilian management, project teams from various regions
- Be able to communicate with the Customer and understand their needs
- Must currently have an active TOP SECRET clearance or have had a TOP SECRET clearance that is currently in a dormant status
- Must have or be eligible for the Top Secret “SCI” designator
Information Systems Security Engineer Job Description
- Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System (IS) lifecycle
- Extensive knowledge of Department of Defense, Department of Navy, and Intelligence Community policies, procedures, and guidelines for designing secure architectures
- Ability to develop and interpret security architectures, data flow diagrams, engineering electrical/pinout drawings, and publications that depict the system(s) architecture
- Interface with company and customer staff at all levels
- Punctual arrival at work each day, prepared to work scheduled work hours or longer as needed
- You are responsible for maintaining the appropriate operational security posture for the information systems within your region
- Serve as the principal adviser to the Government on all matters, technical and otherwise, involving the security of the information system, and be responsible for day-to-day security operations
- Monitor trends in information technology and security that could have an impact on the security of the organization's products, processes, infrastructure, or customers
- Evaluate hardware design, operating systems, and software applications proposed for programs to ensure that each adequately addresses IA security requirements and provides confidentiality, integrity, availability, authentication, and non-repudiation
- Run and review CIS hardening compliance scans and ensure system compliance with the client's baselines
- Bachelor’s degree in a related discipline or equivalent experience (4 years)
- Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 and Information Assurance Manager Level 2 within 6 months of the date of hire
- Eligibility for access to Special Access Program Information
- Willingness to submit to a Counterintelligence polygraph
- Must have a minimum of 5 years related experience in defining and reviewing system security requirements for complex IT-based systems
- Compliance with DoD 8570 certification requirements
Information Systems Security Engineer Job Description
- Ensures the design of hardware, operating systems, and software applications adequately addresses information security requirements on the customer’s hosted systems
- Provides lead technical security support and systems security integration support in the development and production environments
- Develops documentation for the design, development, and implementation for system security technologies and solutions
- Identify improved or equal security features and safeguards provided for system enhancements
- Coordinate with appropriate Security Control Assessors (SCAs) early in the engineering design phase for ongoing coordination, understanding in development and application of security controls, and security tradeoffs and other decisions
- Provide technical guidance in security design reviews and analyze vendor documentation for government and commercial solutions
- Oversees and reports compliance with system security plans (SSPs) on all government customer information stores, systems and networks and reviews audit logs for security significant issues and events
- Provide network services engineering expertise in support of strategic defense of essential network infrastructures and operations against compromise by ensuring integrity and robustness of interconnections between networks of different security domains
- Provide Cross Domain Solution (CDS) system security control guidance
- Execution of the Assessment & Authorization (A&A) process in accordance with government requirements (i.e., ICD-503)
- Must be a good communicator and have excellent interpersonal skills
- Familiar with configuration and administration of an Enterprise Security Information and Event Manager (SIEM)
- Experience in the integration of multiple SIEM tools into a single architecture
- Working knowledge of operating system auditing (both Syslog and Windows Event Log) preferred
- Familiar with Amazon Machine Images (AMIs)
- Familiar with the Amazon Web Services (AWS) Console
Information Systems Security Engineer Job Description
- Provide knowledge and implementation impacts of automated security testing tools (i.e., ACAS, Fortify, WebInspect, SonarQube, OWASP ZAP)
- Serve as an advisor to development groups about the security Assessment & Authorization process and milestones in order to achieve schedule
- Serve as an IA subject matter expert in cloud-based multi-tenant environments
- Perform analysis and evaluation to design, implement, test and field secure systems, networks, and architectures
- Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy
- Support the Government to resolve conflicting system security engineering requirements
- Liaise with Department of Defense (DoD), Intelligence Community (IC), Department of the Navy (DoN) and Naval Air Systems Command (NAVAIR) stakeholders
- DoD TS/SCI clearance that is actively being used or within scope
- Ability to obtain a favorable Counter Intelligence (CI) Polygraph
- Expert knowledge of security engineering, design concepts and principles
- Information Systems Security Engineering Professional (ISSEP) and CISSP Certifications are required
- Bachelor of Science degree from an accredited university in Computer Science, Information Assurance, Information Security System Engineering or related field with a minimum of 14 years of experience as an Information Systems Security Engineer (ISSE) on programs and/or contracts with the Federal Government
- Candidate must possess a CISSP or equivalent IA certification, RHEL 6 System Administration, MCSA, or other equivalent certification
- Identify information protection needs and define system security requirements
- Familiar with Amazon Machine Image generation and testing
- Strong listening and collaboration skills