IT Modernization Information Systems Security Engineer

• Integrate cybersecurity requirements into system architecture, design, and engineering processes from concept through deployment
• Develop and maintain system security artifacts including Security Plans, Security Controls Traceability matrices, architectural diagrams, and engineering documentation
• Perform security engineering analyses, including threat modeling, vulnerability assessments, and security impact analyses of proposed changes
• Select, tailor, and implement security controls aligned with NIST SP 800-53, CNSSI 1253, the Joint Special Access Program (SAP) Implementation Guide, and/or applicable organizational frameworks
• Communicate risk analysis associated with engineered solutions including mitigation strategies, residual risk and risk-benefit recommendations
• Perform requirements analysis, design, and integration for complex software applications and collaboration infrastructures
• Participate in the change management process, including submitting and reviewing Change Requests (CRs) and assisting in the assessment of security impact of proposed changes
• Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active Plans of Action and Milestones (POA&M)
• Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization
• Collaborate with ISSOs, system administrators, and development teams to remediate vulnerabilities and ensure secure system configurations
• Communicate with multiple systems owners to address security relevant design and integration requirements for hybrid systems
• Evaluate cloud supporting technologies in areas of encryption, identity and access control, boundary protection, and logging/monitoring
• Support incident response and forensic analysis as needed, ensuring proper coordination with organizational cybersecurity teams
• Support development and execution of governance frameworks for managing and authorizing national security systems

• 12+ years' technical experience in cybersecurity, information technology, or systems engineering
• Excellent communication skills (verbal and written) required
• Must have experience working with Special Access Programs (SAPs)
• Strong proficiency in Cloud architecture and associated security elements
• Must possess excellent analytical skills and be capable of quantifying risk to enterprise systems and level of compliance with security policy

• Secure systems engineering practices, including threat modeling, security architecture design, and/or system hardening
• Software Development in Java, Python, Ruby and/or C++
• Linux Expertise
• Dynamic & Static Application Security Scanning (e.g., OPSWAT, OWASP ZAP, BurpSuite, Fortify
• Experience with vulnerability management tools (e.g., Tenable, Defender), SIEM technologies, and secure configuration baselines
• Infrastructure Security Scanning, Vulnerability Scanning (NMAP, Azure Defender, AWS Inspector, ACAS/Nessus)

• Information Systems Security Engineering Professional (ISSEP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP).
• CompTIA Advanced Security Practitioner (CASP)
• GIAC Cloud Security Essentials Certification (GCLD)

• Bachelor's degree in engineering, computer science, cybersecurity, networking, or programming
• (Master's degree DESIRED)

• Current/active Top Secret/SCI; Current or recent DoD SAP access

• 
  
  
  
  Interesting Work:
  
  
  
  Our co-workers support some of the most important and critical programs to our national defense and security.
  
  
• 
  
  
  
  Values:
  
  
  
  Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry.
  
  
• 
  
  
  
  100% Employee Owned:
  
  
  
  We have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year.
  
  
• 
  
  
  
  Great Benefits - Most Full-Time Staff Are Eligible for:
  
  
  




• 
  Starting PTO accrual of 20 days PTO/year + 10 holidays/year
  
• 
  Flexible schedules
  
• 
  6% 401k match with immediate vesting up to $9k annually
  
• 
  Semi-annual bonus eligibility (July and December)
  
• 
  Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement account
  
• 
  Up to $10,000 in annual educational reimbursement
  
• 
  Other company funded benefits, like life and disability insurance
  
• 
  Optional zero deductible Blue Cross/Blue Shield health insurance plan
  




• 
  
  
  
  Track Record of Success:
  
  
  
  We have grown every year since our founding in 1993.
  
  

Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance

MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.

For more information about MTSI, please visit www.mtsi-va.com