Cloud Information Systems Security Engineer (ISSE)

Job description

H2 Performance Consulting is subject to the Vietnam Era Veteran's Readjustment Assistance Act as a Federal Contractor and is an Equal Opportunity/Affirmative Action Employer and strives to build a diverse workforce.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.

Additionally, as mandated under Executive order 12989, H2 is required to verify employment eligibility of selected candidates through the Department of Labor’s - E-Verify.

H2 Performance Consulting (H2) is seeking a Cloud Information Systems Security Engineer (ISSE).

The Cloud ISSE will join our AWS-based cloud operations team, working alongside AWS DSO Cloud Engineers and ITSM Analysts/ Developers.

This role focuses on developing and maintaining a robust cybersecurity architecture for AWS cloud environments, ensuring compliance with DoD standards, and securing cloud services through the system lifecycle.

The Cloud ISSE will provide expertise in risk management, artifact development, and security assessments to achieve and maintain authorizations for cloud systems.

The Cloud ISSE responsibilities will include:

• ​ Develop and maintain a comprehensive cybersecurity architecture for AWS cloud environments, ensuring alignment with DoD Instruction 8510.01 and the Navy Risk Management Framework (RMF) Process Guide (RPG).
• Lead the creation, review, and maintenance of authorization artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs), within the Enterprise Mission Assurance Support Service (eMASS).
• Conduct NIST 800-53 control assessments, technical security testing, and vulnerability scans using tools like ACAS, STIGs, and AWS-native security services to support Authorization to Operate (ATO) processes.
• Manage authorization maintenance activities, including annual security reviews, POAM updates, and compliance with ATO stipulations across Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) models.
• Collaborate with AWS DSO Cloud Engineers to perform security impact analyses for proposed system changes, ensuring secure integration of Infrastructure-as-Code (IaC) and DevSecOps pipelines.
• Leverage Amazon GuardDuty, Amazon CloudWatch, AWS Security Hub, AWS Cloud Trail, and Splunk for event monitoring, log analysis, and incident response to maintain a secure cloud environment.
• Establish and maintain inheritance profiles with AWS Cloud Service Providers to streamline compliance and reduce assessment overhead.
• Support cybersecurity processes, including Command Cyber Readiness Inspections (CCRI), Web Risk Assessments, and other audits, by providing documentation and remediation plans.
• Work with the ITSM Analyst/Developer team to integrate security findings into Remedy workflows for efficient incident and problem management.
• Implement and manage security tools like Trellix, Invicti, and Anchore to identify vulnerabilities and ensure compliance with DoD STIGs and security baselines.
• Provide technical guidance to operations teams on interpreting ACAS and STIG results, ensuring alignment with authorization baselines and secure configurations.
• Develop and recommend improvements to cybersecurity processes, policies, and tools to enhance efficiency and compliance.
• Document security configurations, processes, and lessons learned to support audit readiness and team knowledge sharing.
• Participate in Agile processes, including sprint planning and daily stand-ups, to align security tasks with team objectives.
• Engage with the Cloud Center of Excellence (CCoE) to promote best practices in cloud security and risk management.

Required Qualifications:

• Minimum of 4 years of experience in cybersecurity, with at least 2 years focused on cloud security engineering in AWS or similar cloud environments.
• Proven expertise in achieving and maintaining DoD cloud authorizations under RMF, including artifact development and eMASS management.
• Hands-on experience with NIST 800-53 control assessments, ACAS scanning, and STIG compliance in cloud environments.
• Proficiency in using AWS security tools (e.g., AWS Security Hub, Amazon GuardDuty) and Splunk for event monitoring and log analysis.
• Familiarity with Infrastructure-as-Code (IaC) tools like Terraform or Bicep and their security implications in cloud deployments.
• Knowledge of DoD cybersecurity standards (e.g., NIST 800-53, DoD STIGs) and their application in cloud environments.
• Experience with security tools such as Trellix, Invicti, or Anchore for vulnerability management.
• Strong understanding of AWS services, including compute, storage, networking, and identity management, from a security perspective.
• Minimum SECRET clearance and a DoD 8570 IAM Level II certification (e.g., CISSP, CAP, or Security+ with relevant CE).
• Ability to work independently, prioritize tasks, and meet deadlines in a fast-paced environment.
• Excellent critical thinking, problem-solving, and communication skills for collaborating with technical and non-technical stakeholders.
• Proficiency in Microsoft Office applications (Word, Excel, PowerPoint, Outlook) for documentation and reporting.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience).

Preferred Qualifications:

• Experience in operational IT roles (e.g., systems administrator, operations lead, or security analyst) within DoD environments.
• Familiarity with DevSecOps practices, including securing CI/CD pipelines and GitHub Advanced Security tools (CodeQL, Dependabot, SBOM).
• Hands-on experience with Remedy for integrating security findings into ITSM workflows.
• AWS security certifications (e.g., AWS Certified Security – Specialty, Microsoft Cybersecurity Architect).
• AWS or other cloud platform experience, demonstrating adaptability to multi-cloud environments.
• Familiarity with DoD enterprise architectures, particularly Navy or Marine Corps systems.
• Knowledge of software configuration management, release automation, or cloud migration processes from a security perspective.

Qualified candidates may submit their resume to the career section of our company website at .   All resumes will be reviewed within 5 business days and those candidates we wish to further in the application process will be contacted via email/phone to schedule initial phone screens. 

Required Skill Profession

Computer Occupations