Information System Security Engineer
Job Description Overview The Information System Security Engineer (ISSE) will be responsible for interfacing with customers to develop system security plans and their associated appendices. They will be responsible for performing security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, management and privacy controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, system security plans, security assessment reports, vulnerability assessments, and POA&M management. The desired candidate will also have experience conducting technical assessments to identify vulnerabilities and providing recommendations for remediation. Technical assessments include utilizing vulnerability scanning tools, performing penetration testing and conducting web application assessments. Responsibilities Utilize the NIST Risk Management Framework (RMF) to develop comprehensive security packages, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies Prepare System Security Plans, Security Authorization Packages, including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations, Plan of Action and Milestones (POA&M) and Security Authorizations memorandums Knowledge and experience with supporting and/or implementing many of the following technologies and processes: Vulnerability & Patch Management, Endpoint Protection, Firewalls (Network and/or Endpoint), Web Proxies, Load Balancer and Web Application Firewalls, Security Information and Event Management (SIEM), Data Loss Prevention, Network monitoring and mapping, and Incident Response Processes and Tools Knowledge and experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (ie, Minimum Benchmarks: CIS, DISA STIGS) Knowledge and experience with cloud security implementation and assessment Qualifications 6+ years of work experience performing security analyst and/or engineering related functions Bachelor's degree in cyber security, information assurance, computer science, information technology or related major/experience. Ability to multi-task in a deadline oriented environment Ability to manage tasks or projects through completion with very little supervision or oversight Ability to work well independently with little input and as a part of a team Ability to direct or lead others in a team environment Ability to develop and present briefings to the customer and/or company leadership Ability to obtain Public Trust Clearance CISSP certification is desired, other cyber security related or vendor certifications are a plus Company Description TDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate information security tasks in the government and commercial areas around the world. TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing information security articles, and working on the cutting edge of information security development programs. Mission Statement: "We provide our clients the peace of mind that their business is running in a safe and secure environment. We do this by delivering high-quality, innovative information assurance and cyber security services and solutions." Vision Statement: "TDI will be an acknowledged global leader in information assurance and cyber security by delivering outstanding service and superior outcomes for our customers." We Believe: Employees are our primary source of strength Employees should enjoy their work, feel part of the company, and share in its profits Our clients deserve the top talent in Information Assurance Total access to senior management and openness with each other is a cornerstone to our success Our work environment promotes and rewards employee initiative A flexible organization is always open to new ideas and solutions Our well managed growth preserves our culture We have a responsibility to contribute meaningfully to the field of Information Assurance, influence its growth, and set the standard.