Information Systems Security Engineer (ISSE)
Mantis Security is seeking for immediate placement a Information Systems Security Engineer (ISSE) with a focus in Cloud Security (AWS or Azure) and DevSecOps technologies and a TS/SCI clearance with a CI Polygraph to support the secure and continuous delivery of information systems for an IC customer. You will support the Assessment & Authorization (A&A) processes for information systems and applications being developed and work closely with software developers and architects, and with program ISSOs, to ensure the information systems and applications meet appropriate security measures per ICD 503 and NIST 800-53 security controls. You will support security engineering technical meetings and requirements analysis in areas of cloud, container security, DevSecOps, and platform security in order to ensure security measures are modernized while meeting IC, DoD, and agency security requirements.ResponsibilitiesDevelop and improve security architectures for applications, information systems, and microservicesLead the analysis of security requirements and provide implementation recommendations to developers and systems engineersEmploy best practices when implementing security controls within an information system to include software engineering methodologies, system/security engineering principles, secure design, secure architecture and secure coding techniquesDesign unclassified and classified environments that leverage AWS clouds and Azure cloudsWork with team to configure and maintain Virtual Machines (EC2 instances) that align with security requirementsSupport application development or infrastructure development teams in the review of their security engineering requirementsImplement DevOpsSec initiatives in the implementation of the DevOpsSec Framework for IC IESupport regular review of AWS security settings, IAM roles, privileges, and environmental settingsPerform vulnerability testing, risk analyses and security assessmentsResearch security standards, security systems and authentication protocolsTest security structures to ensure they behave as expectedDetermine the most effective way to protect applications, networks, and information systems against external and insider threatsDeliver technical reports and formal papers on security topicsProvide security engineering input to assigned programs throughout the program lifecycle to ensure systems meet ICD-503 controlsLeverage DAST and SAST tools provided by agency's DevSecOps CI/CD toolchain to analyze static code and dynamic code for known vulnerabilities and work with developers, ISSO, and SCAs to ensure adequate remediationRequirements Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraphBachelor's degree in computer science, cyber security, or a related technical field, with 8+ yrs. experience with information systems development and security; an additional 4 years of experience may be substituted in lieu of a degree;Advanced knowledge in two or more of the following areasDevOps methodologies, CI/CD tools, practices (GitHub, Git, Jenkins, Artifactory, Nexus, etc.)Agile or Scrum methodologyAWS Security ConfigurationSoftware Development in Java, Python, Ruby and/or C++Linux Expertise (RedHat/RHEL or CentOS preferred)Dynamic & Static Application Security Scanning (eg, Arachni, OWASP ZAP, BurpSuite, Fortify, Checkmarx, etc.)Virtualization and containers (EC2, Docker)Infrastructure Security Scanning, Vulnerability Scanning (Twistlock, ACAS/Nessus)Experience with Xacta, eMASS, or equivalent IA management softwareUnderstanding of STIGs and CIS BenchmarksDoD 8570 IASAE Level II certification (CISSP, CASP CE or CSSLP)BenefitsMantis Security believes that our strength is in our employees. We offer employees the chance to work with great people on projects of high importance, and are committed to providing the best culture that foster's technical innovation and personal growth. To help our staff achieve a productive work-life balance, we offer a full range of highly-competitive benefits for our employees and their families (https //www.mantissecurity.com/benefits). For more information visit or website at https //www.mantissecurity.com.