Information System Security Engineer
Job DescriptionOverviewThe Information System Security Engineer (ISSE) will be responsible for interfacing with customers to develop system security plans and their associated appendices. They will be responsible for performing security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, management and privacy controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, system security plans, security assessment reports, vulnerability assessments, and POA&M management.The desired candidate will also have experience conducting technical assessments to identify vulnerabilities and providing recommendations for remediation. Technical assessments include utilizing vulnerability scanning tools, performing penetration testing and conducting web application assessments.ResponsibilitiesUtilize the NIST Risk Management Framework (RMF) to develop comprehensive security packages, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gapsEnsure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policiesPrepare System Security Plans, Security Authorization Packages, including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations, Plan of Action and Milestones (POA&M) and Security Authorizations memorandumsKnowledge and experience with supporting and/or implementing many of the following technologies and processes: Vulnerability & Patch Management, Endpoint Protection, Firewalls (Network and/or Endpoint), Web Proxies, Load Balancer and Web Application Firewalls, Security Information and Event Management (SIEM), Data Loss Prevention, Network monitoring and mapping, and Incident Response Processes and ToolsKnowledge and experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (ie, Minimum Benchmarks: CIS, DISA STIGS)Knowledge and experience with cloud security implementation and assessmentQualifications6+ years of work experience performing security analyst and/or engineering related functionsBachelorA cents € (TM) s degree in cyber security, information assurance, computer science, information technology or related major/experience.Ability to multi-task in a deadline oriented environmentAbility to manage tasks or projects through completion with very little supervision or oversightAbility to work well independently with little input and as a part of a teamAbility to direct or lead others in a team environmentAbility to develop and present briefings to the customer and/or company leadershipAbility to obtain Public Trust ClearanceCISSP certification is desired, other cyber security related or vendor certifications are a plusCompany DescriptionTDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate information security tasks in the government and commercial areas around the world. TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing information security articles, and working on the cutting edge of information security development programs.Mission Statement:"We provide our clients the peace of mind that their business is running in a safe and secure environment. We do this by delivering high-quality, innovative information assurance and cyber security services and solutions."Vision Statement:"TDI will be an acknowledged global leader in information assurance and cyber security by delivering outstanding service and superior outcomes for our customers."We Believe:Employees are our primary source of strengthEmployees should enjoy their work, feel part of the company, and share in its profitsOur clients deserve the top talent in Information AssuranceTotal access to senior management and openness with each other is a cornerstone to our successOur work environment promotes and rewards employee initiativeA flexible organization is always open to new ideas and solutionsOur well managed growth preserves our cultureWe have a responsibility to contribute meaningfully to the field of Information Assurance, influence its growth, and set the standard.