Cyber Security Information System Security Engineer

The Information System Security Engineer (ISSE) is responsible for executing system security design, development, testing, and implementation. The ISSE is able to identify, design and execute on security projects that improve detection and response capabilities. The ISSE is responsible for conducting software and systems engineering and software systems research to develop new capabilities with fully integrated cybersecurity while conducting comprehensive technology research to evaluate potential vulnerabilities in in the cyber domain. The ISSE is an expert in Assessment and Authorization (A&A) of Federal information systems, technology risk assessments, and the National Institutes of Standards and Technology (NIST) Cybersecurity Framework and has broad knowledge in Information Technology (IT), Operation Technology (OT), Industrial Control Systems (ICS), and cybersecurity operations. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity threat intelligence.

• Provide cybersecurity planning, assessment, risk analysis, and risk management across all domains
• Define baseline system security requirements and determine if system analysis meets cybersecurity requirements
• Determine and translate functional requirements and specifications into technical solutions
• Develops and implements test plans to address security specifications and requirements
• Performs operational testing
• Participate in the Change Management process, including review of change requests
• Works on project teams responsible for engineering and packaging software releases to integrate within the production environment
• Monitors and provides input for software updates and patches, vendor licensing management, security planning, and risk management.

• Bachelor's degree in Engineering/Computer Science/Mathematics/Information Technology Discipline with a minimum of 4years of relevant experience
• OR a Master's degree in Engineering/Science/Information Technology Discipline with a minimum of 2years of relevant experience
• 
  

  Twelve or more years of relevant education, training, and/or progressive experience may be considered to satisfy educational and years-of-experience requirements for this posting.

  
  

• Experience and/or certifications associated with RMF, ICD 503, NIST SP800-53 or DCID 6/3.
• Experience in continuous authorization practices.
• Experience applying NIST 800-53 security controls to OT environments.
• Experience designing securing OT environments in accordance with NIST SP 800-82
• Experience applying risk management framework to OT systems.
• Knowledge of systems security engineering (SSE) principles and practices.
• Knowledge of OT system threats and vulnerabilities.
• Knowledge of Risk Management Framework requirements and process.
• Hold at least one of the following certifications: Certified Information Systems Security Professional (CISSP), Global Information Security Professional (GISP), or the CompTIA Advanced Security Practitioner (CASP) or other certifications exemplifying skill sets such as those described in DOD Instruction 8570.1 Information Assurance Management (IAM) Level III proficiency.
• Knowledge of DOE and NNSA mission and cybersecurity requirements.
• Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.