Information Systems Security Engineer Job Description
Information systems security engineer
provides expert guidance and work product evaluation to the IT engineering team for the design, development, implementation, evaluation, and/or integration of secure networking, computing, and enclave environments.
Information Systems Security Engineer Duties & Responsibilities
To write an effective information systems security engineer job description, begin by listing detailed duties, responsibilities and expectations. We have included information systems security engineer job description templates that you can modify and use.
Sample responsibilities for this position include:
Performing or reviewing technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
The Information Systems Security Engineer (ISSE) shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies
Perform and review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established information assurance (IA) standards and regulations, and recommend mitigation strategies
Develop, implement, and document formal security programs and policies throughout the program and monitors compliance to these policies and programs
Collaborate with security managers (both corporate and local), other ISSE’s and ISSM’s to define, improve, implement and maintain information security policies, strategies, and procedures
Develop, implement, and document formal security programs and policies throughout the organization and monitors compliance to these policies and programs
Implement Information Assurance (IA) processes, provide guidance, and develop documentation throughout the system development life-cycle
Knowledge of fundamental
Able to communicate effectively with other system engineers, system administrators, software developers, and information assurance professionals operational users and diverse mission planners
Validating and verifies system security requirements definitions and analysis and establishes system security designs
Information Systems Security Engineer Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Systems Security Engineer
List any licenses or certifications required by the position: CISSP, SSP, POA&M, ATC, ATO, DOD, NSA, ISC, SANS, FIPS
Education for Information Systems Security Engineer
Typically a job would require a certain level of education.
Employers hiring for the information systems security engineer job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Computer Science, Engineering, Information Assurance, Information Security, Technical, Information Systems Security, Government, Management, Electrical Engineering, Information Technology
Skills for Information Systems Security Engineer
Desired skills for information systems security engineer include:
Advance briefings to senior leadership
Facility coordination and management
Post event reports
Relevant topics
U.S. Coast Guard organizations and relationships
Procedures
Develop
ICD 503
Computing
Enclave environments
Desired experience for information systems security engineer includes:
CISSP or CISSP-ISSEP DoD approved 8570 baseline certification
CISSP-ISSEP DoD approved 8570 baseline certification
Extensive experience and education in information assurance, , accreditation security testing and evaluation
Assisting architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions
Enforcing the design and implementation of trusted relations among external systems and architectures
DoD 8570 compliance with IASAE Level 3 is required Both Information Systems Security Engineering Professional (ISSEP)
Information Systems Security Engineer Examples
1
Information Systems Security Engineer Job Description
Job Description Example
Our company is searching for experienced candidates for the position of information systems security engineer. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for information systems security engineer
- Maintain system patches
- Assess potential risks, mitigation measures, residual risks, and provide a recommendation to the Government for approval or disapproval
- Facilitate and manage security vulnerability assessments and penetration tests
- Plan and oversee configuration changes for major security infrastructure platforms
- Lead the technical aspects of internal security audits and investigations
- Represent the program's technical security interests with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of technical information and best practices in information security
- Manage and maintain a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues
- Primary responsibilities will be in facilitating the collection, audit and submission of required deliverables through the Certification and Accreditation (C&A) process
- This person will also be the "Action Officer Liaison" to Engineering, tracking and reporting on DIACAP packages as they move through accreditation
- Support the Engineers with information assurance compliance tracking and analysis
Qualifications for information systems security engineer
- ITIL Foundations certification is desired
- Candidate must demonstrate a strong understanding of Windows security, virtualization security, and process experience with DoD certification processes
- Candidate must process a CISSP or equivalent IA certification, and a Cisco CCNA Security or equivalent
- Candidate must demonstrate a strong understanding of Windows security, virtualization security, network security and process experience with DoD certification processes
- Recent experience creating and updating C&A packages (DIACAP and/or RMF)
- DoD 8570 compliance with IASAE Level 2
2
Information Systems Security Engineer Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information systems security engineer. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information systems security engineer
- Present technical document to internal and external customers
- C&A activities account for 50% of the workload for Engineering Support at a rate of 15 solutions per week
- Lead System Security Engineering (SSE) and Cybersecurity/IA efforts by establishing or validating the system boundary in describing the IS, its functions, information types operating environments, and security requirements
- Capture and refine information security requirements and ensure that the requirements are effectively integrated into information systems throughout the System Development Life Cycle (SDLC)
- Employ best practices when implementing security requirements within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques
- Conduct security control assessments
- Coordinate the system security related activities with ISO’s, ISSM’s and CCP’s
- Represent IA in the configuration management process
- Plan and conduct annual and/or ad hoc vulnerability scanning and security control assessments at customer sites to ensure compliance with Authorizing Official requirements (Continuous monitoring)
- Participate in proposal efforts containing Cybersecurity/IA-related SOW/tasks to address scope, capability, cost, schedule, and resources
Qualifications for information systems security engineer
- Must have CEH (Certified Ethical Hacker) Certification
- Utilize engineering principles and experience to prepare engineering drawings, technical basis's, engineering change notices, work requests, equipment specifications, purchase requisitions, engineering transmittals, as necessary to accomplish assigned tasks
- Be comfortable interfacing with military and civilian management, project teams from various regions
- Be able to communicate with the Customer and understand their needs
- Must currently have an active TOP SECRET clearance or have had a TOP SECRET clearance that is currently in a dormant status
- Must have or be eligible for the Top Secret “SCI” designator
3
Information Systems Security Engineer Job Description
Job Description Example
Our growing company is looking to fill the role of information systems security engineer. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information systems security engineer
- Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System (IS) lifecycle
- Extensive knowledge of Department of Defense, Department of Navy, and Intelligence Community policies, procedures, and guidelines for designing secure architectures
- Ability to develop and interpret security architectures, data flow diagrams, engineering electrical/pinout drawings, and publications that depict the system(s) architecture
- Interface with company and customer staff at all levels
- Punctuality to work each day and prepared to work scheduled work hours or longer as needed
- You are responsible for maintaining the appropriate operational security posture for the information systems within your region
- Serve as the principal adviser to the Government on all matters, technical and otherwise, involving the security of the information system and you are responsible for day-to-day security operations
- Monitor trends in information technology and security that could have an impact on the security of the organization's products, processes, infrastructure, or customers
- Evaluate hardware design, operating systems, and software applications proposed for programs to ensure that each adequately address IA security requirements and provide confidentiality, integrity, availability, authentication, and non-repudiation
- Run and review CIS hardening compliance scans and ensure system compliance with the clients baselines
Qualifications for information systems security engineer
- Bachelor’s degree in a related discipline or equivalent experience (4 years)
- Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 3 and Information Assurance Manager Level 2 within 6 months of the date of hire
- Eligibility for access to Special Access Program Information
- Willingness to submit to a Counterintelligence polygraph
- Must have a minimum of 5 years related experience in defining and reviewing system security requirements for complex IT-based systems
- Compliance with DoD 8570 certification requirements
4
Information Systems Security Engineer Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information systems security engineer. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information systems security engineer
- Ensures the design of hardware, operating systems, and software applications adequately address information security requirements on the customer’s hosted systems
- Provides lead technical security support and systems security integration support in the development and production environments
- Develops documentation for the design, development, and implementation for system security technologies and solutions
- Identify improved or equal security features and safeguards provided for system enhancements
- Coordinate with appropriate Security Control Assessors (SCAs) early in engineering design phase for ongoing coordination, understating in development and application of security controls, and security tradeoffs and other decisions
- Provide technical guidance in security design reviews and analyze vendor documentation for government and commercial solutions
- Oversees and reports compliance with system security plans (SSPs) on all government customer information stores, systems and networks and reviews audit logs for security significant issues and events
- Provide network services engineering expertise in support of strategic defense of essential network infrastructures and operations against compromise by ensuring integrity and robustness of interconnections between networks of different security domains
- Provide Cross Domain Solution (CDS) system security control guidance
- Execution of the Assessment & Authorization (A&A) process in accordance with government requirements (i.e., ICD-503)
Qualifications for information systems security engineer
- Must be a good communicator and have excellent interpersonal skills
- Familiar with Configuration and Administration with Enterprise Security Information and Event Manager (SIEM)
- Experience in the Integration of multiple SIEM tools into a Single Architecture
- Working Knowledge of Operating System Auditing (both Syslog and Window Event Log) preferred
- Familiar with Amazon Machine Images (AMIs)
- Familiar with the Amazon Web Services (AWS) Console
5
Information Systems Security Engineer Job Description
Job Description Example
Our company is growing rapidly and is hiring for an information systems security engineer. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information systems security engineer
- Provide knowledge and implementation impacts of automated security testing tools (I.e., ACAS, Fortify, WebInspect, SonarQube, OWASP Zap)
- Serve as an advisor to development groups about the security Assessment & Authorization process and milestones in order to achieve schedule
- Serve as a IA subject matter expert in cloud based multi-tenant environments
- Perform analysis and evaluation to design, implement, test and field secure systems, networks, and architectures
- Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy
- Support the Government to resolve conflicting system security engineering requirements
- Liaison with Department of Defense (DoD), Intelligence Community (IC), Department of the Navy (DoN) and Naval Air Systems Command (NAVAIR) stakeholders
- Actively being used or within scope DoD TS/SCI clearance
- Ability to obtain a favorable Counter Intelligence (CI) Polygraph
- Expert knowledge of security engineering, design concepts and principles
Qualifications for information systems security engineer
- Information Systems Security Engineering Professional (ISSEP) and CISSP Certifications are required
- Bachelor of Science degree from an accredited university in Computer Science, Information Assurance, Information Security System Engineering or related field with a minimum of 14 years of experience as an Information Systems Security Engineer (ISSE) on programs and/or contracts with the Federal Government
- Candidate must process a CISSP or equivalent IA certification, RHEL 6 System Administration, MCSA, or other equivalent certification
- Identifying Information Protection needs and define System Security Requirements
- Familiar with Amazon Machine Instruction Generation and Testing
- Strong listening and collaboration skills