Information Systems Security Engineer Principal

Job description

**Your Impact:**

Are you interested in using your skills to help shape the Cyber, Security, & Intel space?

If so, look no further.

Amentum is seeking a **Principal Information Systems Security Engineer** to join our team of passionate individuals in **Fort Meade, MD** .

In this role you will support challenging, mission-critical projects that make a direct impact on the Nation’s security and intelligence mission.

In support of the Defense Information Systems Agency (DISA), the Intel and Cyber Division V2MVP team supports a program providing crucial network capabilities to the Department of Defense.

We are committed to retaining this team for prototype development, test, and demonstration, as well as potential long-term integration, deployment and sustainment as needed.

Candidates interested in joining the team must be critical thinkers, have a strong work ethic, and be able to work independently or as a member of a team in a dynamic environment that supports a critical and rewarding mission.

We value candidates who are detail-oriented while also being able to think and react quickly to emerging and unique problem sets.

To be successful, you must be able to rapidly adapt and learn how to operate the front and back end of new products and processes.

**Responsibilities:**

The **Senior Information Systems Security Engineer (ISSE)** shall deliver and lead threat-informed cybersecurity products - cybersecurity risk assessments, architecture design reviews, and provide cyber security guidance to the engineering and architecture teams: This includes:

• Conduct cybersecurity risk assessments and provide prioritized risk mitigation recommendations in support of the technical solution requirements.

• Help define security requirements for new technology solutions and prototypes

• Analyze solution architecture by evaluating against defined security requirements to identify security gaps, and provide mitigation strategy.

• Review security requirements while collaborating in multifunctional teams providing a holistic cyber security posture

• Research and evaluate emerging technologies to determine cybersecurity effectiveness.

• Aid stakeholders through the design, build, configuration, and implementation of innovative solutions and capabilities.

• Engage stakeholders to ensure security objectives, protection needs, security requirements and associated validation methods are defined and implemented.

• Validate and verify system security requirements and establish system security design

• Design, develop, implement, and integrate IA and security systems and components for networking, computing, and unified capabilities services, across multiple enclaves with different data protection/classification requirements.

• Assist architects and engineers in the identification and implementation of information security functionality to ensure uniform application of security policies

• Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations

• Utilize eMASS/XACTA to document security controls, track vulnerabilities, generate reports, and manage the ATO process.

• Prepare and review RMF artifacts to be used for new IS accreditation

• Lead the creation and completion of System Security Plan (SSP) for a new IS prototype

• Foster positive relationships between government, military, and contracting personnel

**Required Qualifications:**

• BS degree or equivalent in the fields of mathematics, telecommunications, electrical engineering, computer engineering, or computer science, Cybersecurity, Information Security, etc.

• 15 years of experience as a Cyber Security Engineer or Systems Engineer

• Experience presenting technical information to both technical and non-technical audiences to include senior stakeholders

• Expertise in the Risk Management Framework (RMF) and conducting cybersecurity risk assessments

• Experience identifying, mitigating, and managing IT system Common Vulnerabilities and Exposures (CVEs) and Information Assurance Vulnerability Alerts (IAVAs)

• Experience using the MITRE ATT&CK framework to identify adversary TTPs

• Experience using eMASS to manage Authority To Operate (ATO) processes

• Experience developing and documenting system security requirements and conducting requirements gap analysis.

• Experience with security monitoring and incident response capabilities

• Experience with emerging technologies such as Zero Trust, Cloud Computing, etc.

• Experience in evaluating and implementing Cyber security tools for assessing and maintaining system security within the Department of Defense (DoD).

• Experience in ensuring the establishment and satisfaction of cyber security and security requirements based upon analysis of user, policy, regulatory, and resource demands.

• Ability to define requirements for business continuity, operations security, regulatory compliance, and insider threat detection and mitigation to best protect information assets.

• Implement and validate security designs in hardware, software, data, and procedures.

• Demonstrated ability to work with Systems Architects and Engineers, acquire information for resolving controls and POAMs and update the customer's A&A system.

• Skilled in performing analyses to ensure threat assessments, protection, detection, and reaction functions are performed.

• Ability to analyze general cyber security-related technical problems and provide basic engineering and technical support in solving these problems.

• Expertise implementing Security Technical Implementation Guides (STIGs) and Assured Compliance Assessment Solution (ACAS) or other vulnerability management tool

• Knowledge of connection security approval processes and compliance policies.

• Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data.

• Demonstrated proficiency with the following computer operating systems (e.g. Microsoft Windows, LINUX, UNIX, Mac OS, etc.)

• Ability to work independently within a schedule and with little direction

• Ability to travel up to 10%

**Preferred Qualification:**

• Familiarity with classified cloud environments (e.g., AWS Secret Region, Azure Government Secret)

• Expertise of CDS (NCDSMO, DSWAG, CDTAB, etc), and/or VoIP/UC

• Certifications: IASAE Level III - CISSP-ISSEP, CISSP-ISSAP

• Experience working on DoD prototype or rapid acquisition programs

**Clearance Required:**

• Must have active Top Secret clearance with SCI eligibility

**Minimum Education:**

• BS degree or equivalent in the fields of mathematics, telecommunications, electrical engineering, computer engineering, or computer science

**Minimum Years of Experience:**

• 15 years

**Required Certifications:**

• Current DOD 8570 Information Assurance Technician IAT III certification

#javelin #externalreferral

**Pay Transparency Verbiage**

Amentum’s health and welfare benefits are designed to invest in you and in the things you care about.

Your health.

Your well-being.

Your security.

Your future.

Eligible employees and their dependents may elect medical, dental, vision, and basic life insurance.

Employees are able to enroll in our company’s 401k plan, and, if eligible, a deferred compensation plan and Executive Deferral Plan.

Employees will also receive 17 days of vacation per year, seven paid holidays, plus floating holidays and caregiver leave.

Hired applicants will be able to purchase company stock and have the opportunity to receive a performance discretionary bonus.

The base salary range for this position is **$210K to $235K** .

This range reflects the minimum and maximum target for new hire salaries for the position across all US locations.

Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Required Skill Profession

Other General