Information Systems Security Engineer (isse I) (government)

AT&T AT&T · Telecom · Columbia, MD

Information Systems Security Engineer (ISSE) to support information assurance programs and ensure the security posture of mission critical systems. The role involves conducting technical security assessments, validating security requirements, and contributing to secure-by-design solutions across various architectures. It requires supporting security authorization activities in alignment with DoD and IC security frameworks, including RMF, NISCAP, and NIST RMF.

What you'd actually do

  1. Perform and/or review technical security assessments to identify vulnerabilities, weaknesses, and non-compliance with IA standards; recommend and track mitigation strategies.
  2. Validate and verify system security requirements and contribute to security requirements definition and analysis.
  3. Establish and support system security designs for networking, computing, and enclave environments, including multi-enclave solutions with differing data protection/classification needs.
  4. Design, develop, implement, and/or integrate security controls and security-relevant system components into operational environments (secure-by-design/secure-by-default).
  5. Partner with architects and system developers to identify and implement appropriate security functionality that aligns with agency policy and enterprise solutions.

Skills

Required

  • Risk Management Framework (RMF) knowledge
  • NSA/CSS NISCAP
  • DoD RMF
  • NIST RMF
  • IA principles

Nice to have

  • LATTEART
  • XACTA
  • BISCOTTI
  • WATCHCAT
  • STE
  • NIST SP 800-53 (Rev. 5 and/or Rev. 3)
  • NIST SP 800-37
  • STIG implementation
  • COTS/GOTS cryptography integration
  • scanning tools for compliance, configuration, and vulnerability assessment

What the JD emphasized

  • security authorization activities
  • Risk Management Framework (RMF)
  • NSA/CSS NISCAP
  • DoD RMF
  • NIST RMF