Principal Information Systems Security Engineer

TUNUVA Technologies (a wholly owned subsidiary of VTG) seeks to hire a Principal Information Systems Security Engineer (ISSE4) to conduct information systems security engineering activities throughout the acquisition lifecycle. ISSEs are responsible for capturing and refining information protection requirements to ensure their integration into information systems acquisitions and information system development through purposeful security design or configuration. The contractor integrates security functional requirements into existing acquisition lifecycle phases, milestones, and documents using systems engineering principles, methods, concepts, and practices. Personnel shall be knowledgeable of best practices when implementing security controls including software engineering methodologies, security engineering methodologies, security engineering principles, and secure coding techniques, and coordinate activities with assessment and authorization (A&A) stakeholders.

Responsibilities

• Collaborate with system stakeholders and teammates to enhance system security
• Communicate effectively with all security stakeholders
• Trace, define, and plan security control implementation based on functional requirements and system data types (i.e. system categorization, control tailoring, SCTM, and test plans)
• Review system security designs and architectures
• Advise system engineers (developers) on best methods to achieve risk reduction
• Create, revise, or review cybersecurity documentation
• Proactively identify opportunities for increasing customer value and engagement

Requirements

• Clearance: Active TS/SCI with Polygraph
• Currently hold or obtain and maintain DoD 8570 IAT-3 certification within 6 months of starting the position
• Bachelor's degree + 11 years of experience OR High School/GED + 15 years of experience OR Associate's degree + 13 years of experience OR Master's degree or higher + 9 years of experience
  
  • Applicants should possess education and experience at the appropriate level for the position. Education in the following areas is considered relevant: computer engineering, information security, information management, and/or computer science. Education in the following areas is considered relevant: Computer science, computer engineering, or related field of study. Experience in the following areas is considered relevant: Information technology security, information systems security, information assurance engineering, performing certification & accreditation testing.

Desired Qualifications

• Knowledge of and experience with ICD 503 and NIST SP 800-37 Risk Management workflows
• Knowledge of and experience with systems engineering principles discussed in NIST SP 800-160 v1 and v2
• Proficient with server, desktop, and infrastructure hardware design and configuration for on-prem and their equivalents for cloud solutions
• Knowledge of system methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, VPNs, VLANs, WAN, MAN, LAN, switches, routers, and Identity and Access Management (IAM)
• Experience configuring, and supporting virtualization technology, at a minimum, VMware, Xen, Hyper V, and cloud containers.
• Technical experience in configuring and hardening, at a minimum, Windows, Linux, and MacOS
• Experience in technical project management
• Technical experience in software engineering, program design and implementation, configuration management, system maintenance, integration testing, and information system engineering
• Experience in Digital Engineering or Model-Based Systems Engineering (MBSE) is a plus