Information Systems Security Engineer (19-01964)
- $75K - $80K Hourly
- Full Time
- Health Insurance, Dental Insurance, Vision Insurance, 401K / Retirement
- Employer Likely to Respond
Information System Security Engineer L2
Primary Location: Colorado Springs, CO
Clearance Requirement: Active Secret Clearance
Provide engineering support and capability to consult/troubleshoot security related matters for enterprise information systems and network architectures, system access problems and implementation of security policies and procedures. Ensure security access and protect against the unauthorized access, modification, or destruction of systems or data. Demonstrate familiarity with a variety of security concepts, practices, and procedures, including the importance of building security requirements and practices into the systems engineering process and the software development lifecycle. A wide degree of security-relevant creativity and latitude is expected. The Information System Security Engineer reports to the Mission Support Manager.
Apply intermediate-level knowledge of information security principles and practices. Manage and maintain the security integrity of all IT systems and network architectures. Ensure systems are securely operated, maintained, and disposed of in accordance with security policies and practices defined by the customer (federal government agency) and outlined in the security plan. Ensure all system users have the correct authorizations and privileges to perform their jobs, and are aware of their security responsibilities while accessing the system.
Provide training to system users on preferred security practices. Author risk assessments and support certification and accreditation activities. Participate in system reviews, to include custom, COTS and GOTS software and hardware, and in-house software development, and provide recommendations for securing the systems and software.
Other facets of the IT Security Engineer responsibilities include the following:
- Provide daily, ongoing security oversight of assigned systems, to include the security impact of proposed modifications, additions, and technology refresh evolutions
- Advise users of the security features and procedures used in their ISs
- Understand system security vulnerabilities and associated threats, and assess the overall security risks to the system.
- Provide mitigation recommendations to reduce identified security risks
- Work directly with internal IT staff and customer to establish and enforce IT security best practices, protection objectives, process improvements and effective IT security controls
- Perform system vulnerability scanning using approved software tools
- Demonstrate understanding of software installations, systems monitoring and troubleshooting, account management, and overall efforts to minimize system downtime
- Understand the administration of critical server infrastructure, including stand-alone and virtual servers, Containerization, server backup and recovery, and platforms such as file servers and web servers
Provide support to the administration staff for security-relevant applications, such as IDS/IPS and log manager, and associated accounts. Assist in IT security incident response and documentation. Perform regularly scheduled security reviews (e.g., technology, operations and personnel).
Serve as an interface to government compliance and policy teams to ensure the system consistently meets the requirements for certification and accreditation. Participate in designing and managing IT Security strategy including both infrastructure and applications. Assist with security and compliance based projects. Consult with users to determine requirements, and provide security solutions to meet needs. Coordinate projects involving database and security issues and requirements.
- Bachelor's Degree in Computer Science, Information Systems Management, Information Technology or other related discipline
- 3-5 years' Information Security experience as a Security Engineer supporting development, test and production environments.
- Experience implementing and enforcing security directives, policies, publications and regulations
- Experience with System Security Plan content and requirements
- Experience in IT security certifications (CISSP, CompTIA Security +, CPP)
- Possess clear understanding of security protocols and standards and have experience with software and security architectures.
- Ability to design and implement security tests in accordance with stated criteria
- Experience with security practices of Intranet and Extranet
- Experience with Linux/UNIX and Windows Operating Systems
- Experience understanding protocols and standards, such as, SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S and Microsoft DNS
- Experience in networking concepts and services, such as, VPNs, IPSec, PKI and TCP/IP
- Expertise in accreditation processes, such as Risk Management Framework (RMF), with knowledge of NIST 800.53 standards.
- 3+ years of experience in IT security field
- Familiar with security controls for Federal Information Systems
- Ability to integrate and function as a Security professional team member
- Ability to work with minimal direction on a variety of, and sometimes ambiguous, requirements
- Strong communication skills, both oral and written
- Organized, responsive and highly thorough problem solver
- Familiar with security controls of Federal Information Systems
Bachelor's degree or equivalent in Computer Science, Information Systems Management, Information Technology or other related discipline with 3 or more years related professional experience.
Active DoD Secret and Client suitability
Day, 7AM – 4PM, Some on call
Relocation authorized: None
ALTA IT Services, LLC. is an equal opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other factor.