Information System Security Engineer (ISSE)

AFS is seeking a highly motivated, Mid-level Information System Security Engineer (ISSE) this role works with the portfolio they are tied to and internal CISO organization, this role is pivotal in bridging the gap between business objectives and cybersecurity strategies. The primary responsibility will be to collaborate with various teams in the organization to ensure the seamless integration of security practices into business operations (i.e. portfolios). The ideal candidate will have working knowledge of various NIST guidance and frameworks such as NIST's Risk Management Framework (RMF), and NIST SP 800-171.

To excel in this role, you will need a strong foundation in risk management and problem-solving, as these skills will be critical in identifying vulnerabilities and implementing effective countermeasures that project teams can use to supplement their security knowledge. Familiarity with tools and processes related to threat detection, vulnerability assessments, and supply chain risk management will be highly advantageous. Additionally, experience working in cross-functional teams and collaborating with technical experts in security engineering and architecture will help you navigate the complexities of this role. Your ability to communicate effectively with both technical and non-technical stakeholders will be essential in driving security initiatives forward and fostering a culture of cybersecurity awareness across the organization.

The Work:

• Work with project teams to develop and maintain bodies of evidence (BOE) for information systems, custom application, services, and networks.
• Must be able to understand and implement Client Data Program (CDP) program with project teams.
• Develop and disseminate system security policies, processes, and likewise governing products in service of maintaining a low operational risk posture.
• Work with project teams to conduct internal vulnerability assessments and facilitate external audits of security controls.
• Coordinate security-related tasks and activities across other functional areas, e.g. Program Management, Engineering, Software Development, Supply Chain risk, etc.
• Product documentation in response to, and satisfaction of, information security requirements
• Work with project teams to develop Authorization to Operate (ATO) Packages and ATO supporting documentation. Examples are: SSP's, POA&Ms, SCTMs, Certification Test Reports, Briefings, Continuous Monitoring and Training products.
• Conduct Security Impact Analyses (SIA) on System Change Requests for systems that have been authorized by CISO.
• Manage multiple priorities and complex tasks in a dynamic work environment.
• Translate technical concepts to semi-technical clients.

Here's what you need:

• Bachelor's Degree in a related area or equivalent experience (4 years)
• 2-5 years of experience configuring and securing systems to achieve compliance with Security requirements (Controls, STIGS)
• 3+ years of experience conducting Assessment and Authorization (A&A) using Rick Management Framework )RMF) activities; across all 6 steps
• 2-5 years expertise administering risk management in an enterprise or tactical environment
• 5+ years experience and competency with the Microsoft Office Suite (e.g. Word, Excel, Powerpoint, etc.)
• 2+ years working with and understanding systems, and the Software Development Life Cycle (SDLC)

Bonus points if you have:

• Experience working with non-traditional IT (Example - Small, purpose-built computers and/or networked sensor equipment)
• Cloud experience (vendor agnostic), FedRAMP knowledge
• CISSP or equivalent certification

Security Clearance

Must have an active TS security clearance