Information System Security Engineer (ISSE) II - Hybrid
Ishpi Information Technologies, Inc. (ISHPI) · Philadelphia, PA · 1 mo ago
Information TechnologyFull-time
About the role
Ishpi Information Technologies, Inc. (DBA ISHPI) seeks a highly skilled ISSE II to support the Naval Surface Warfare Command in Philadelphia, PA. The role involves cybersecurity support for the Code 104 Information Technology Operations Division.
Responsibilities
- Assessment & Authorization (A&A) Cybersecurity Compliance and Audit Readiness
- Information Assurance Vulnerability Management (IAVM) Vulnerability Scanning and Remediation
- Application and Implementation of Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs)
- Develop and maintain Risk Management Framework (RMF) system security plans including System Categorization Forms, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M)
- Execute the RMF process in support of obtaining and maintaining Interim Authority to Test (IATT), AO approval, Authorization to Operate (ATO), and Denial of Authorization to Operate (DATO)
- Identify and tailor IT and CS security control baselines based on RMF guidelines and categorization of the RMF boundary
- Perform Ports, Protocols, and Services Management (PPSM)
- Perform IT and CS vulnerability-level risk assessments
- Execute security control testing as required by a risk assessment or annual security review (ASR)
- Mitigate and remediate IT and CS system level vulnerabilities for all assets within the boundary per STIG requirements
- Develop and maintain Plans of Actions and Milestones (POA&M) in Enterprise Mission Assurance Support Service (eMASS)
- Implement and assess STIG and SRGs
- Deploy security updates to Information System components
- Perform routine audits of IT system hardware and software components
- Maintain inventory of Information System components
- Participate in IT change control and configuration management processes
- Upload vulnerability data in Vulnerability Remediation Asset Manager (VRAM)
- Image or re-image assets that are part of the assigned RMF boundary
- Install software and troubleshoot software issues as necessary to support compliance of the RMF boundaries' assets
- Assist with removal of SSD, HDD or other critical components of assets before destruction and removal from the RMF boundary
- Provide cybersecurity patching of assets in times of DoD and DoN TASKORDs, FRAGORDs, or even designated by Command ISSM, ACIO, and/or Code 104 management
- Support configuration change documentation and control processes and maintaining DOD STIG Compliance
- Support cyber compliance of assets that are part of an enterprise IT network to include Windows server and CISCO networking hardware
Requirements
- Bachelor’s degree in Computer science, Information Technology, or an equivalent technical degree from an accredited college or university
- Three (3) years professional experience capturing and refining information security operational and security requirements, and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations
Qualifications
- Minimum Certification Requirement includes one of the following: CCNA-Security, CySA+, GICSP, GSEC, or Security+ CE
Skills
- Knowledge of Information Assurance Vulnerability Management (IAVM)
- Experience with Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs)
- Understanding of Risk Management Framework (RMF) guidelines
- Ability to perform Ports, Protocols, and Services Management (PPSM)
- Proficiency in performing IT and CS vulnerability-level risk assessments
- Experience with executing security control testing
- Knowledge of deploying security updates to Information System components
- Experience with routine audits of IT system hardware and software components
- Experience with maintaining inventory of Information System components
- Experience with IT change control and configuration management processes
- Experience with Vulnerability Remediation Asset Manager (VRAM)
- Experience with image or re-image assets that are part of the assigned RMF boundary
- Experience with installing software and troubleshooting software issues as necessary to support compliance of the RMF boundaries' assets
- Experience with removing SSD, HDD or other critical components of assets before destruction and removal from the RMF boundary
- Experience with providing cybersecurity patching of assets in times of DoD and DoN TASKORDs, FRAGORDs, or even designated by Command ISSM, ACIO, and/or Code 104 management
- Experience with supporting configuration change documentation and control processes and maintaining DOD STIG Compliance
- Experience with supporting cyber compliance of assets that are part of an enterprise IT network to include Windows server and CISCO networking hardware
Benefits
As an Equal Opportunity Employer, Ishpi Information Technologies, Inc. offers a competitive compensation package, comprehensive benefits, and a supportive work environment.
Pay
Compensation is commensurate with experience and qualifications.
Schedule
The schedule is flexible and can accommodate remote work options.