Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. [CLIENT] is seeking a motivated self-starter with experience in secure information systems to join a team of engineers to architect, design, develop, and implement security solutions.
As a Principal Information System Security Engineer, you will provide critical systems, application and infrastructure support to a Department of Defense customer. You have the opportunity to work with a team across multiple technical areas to include operations, engineering, security, and systems development. This is a great opportunity for technical and professional growth, as you will get in on the ground floor while implementing and operating Security Event and Incident Management (SEIM) applications across enclaves.
CLEARANCE REQUIRED: Active Top Secret US Government clearance
This Principal ISSE position continuously monitors the security state of the system by building and maintaining queries, reports, and alerts in Splunk and displaying them in dashboards available to Engineers, Information System Security Managers (ISSM), the Chief Information Security Officer (CISO), Information System Owners (ISO) and other ISSOs/ISSEs. You will gain an understanding of the daily operation of the system to identify, explain, and document anomalous events and behaviors, following established incident response and mitigation procedures.
Your excellent analytical skills will assist in quantifying risk to enterprise systems and level of compliance with security policy across a broad spectrum of daily operations. Your responsibilities will also include elements of physical and environmental protection, personnel security, incident handling, and security training and awareness. In close coordination with the Lead ISSE and the rest of the Audit team, you will play an active role in monitoring the enterprise to include developing and maintaining the SEIM toolsets, and documenting the security impact of changes.
As Principal ISSE, you will:
Ensure systems are operated, maintained, and disposed of in accordance with security policies and procedures
Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans of Action and Milestones (POA&M)
Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization package
Conduct daily, weekly and monthly review and management of the audit collection system, using various SEIM applications.
Implement existing media control and data transfer policies
Work within the IA team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
Participate in the change management process, including reviewing Change Requests and assisting in the assessment of security impact of proposed changes
Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for solutions; track findings with POA&M through mitigation and/or risk acceptance
Responsible for the implementation of the information assurance program controls in accordance with DoDD 5205.07, Special Access Program (SAP) Policy, DoDM 5205.07 SAP Security Manual(s), and the JSIG
Assist with security infractions and assist in security investigations and responses as requested
Work on project teams responsible for engineering and packaging releases to integrate within the customer's production IT environment
Communicate well, both written and verbal
A Principal ISSE will have:
DoD 8570.1 / DoD 8140.01 certification (IAM III Level certification- CISSP is preferred)
US Citizenship and active TS clearance is required. SCI eligibility highly desired
Graduated with a Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study) and have 7 to 10 years experience with information networks and related security concerns; or a Master's degree with 5 to 7 years experience
Background and 3-5 years experience with Security Event and Incident Management (SEIM) tools. Experience with Splunk is preferred and Splunk certifications are highly desired
Experience using various IA tools in audit collection, audit review, audit management, and end point protection
A background and some experience with RMF, ICD 503, NIST SP800-53 or DCID 6/3, or knowledge of current authorization practices, particularly within the DoD is desired
Experience with security efforts related to modern Windows, Linux, UNIX, Cisco, SQL or Oracle databases, and virtualized systems are desired
This position will afford excellent visibility, internal mobility and leadership opportunities, within a dynamic, growth-focused organization, offering competitive compensation and robust benefits.