Overview:
VTG is seeking an Information Systems Security Engineer (ISSE) for a technical development program supporting a cloud-based application, and its associated cloud infrastructure located on a secure network. The ISSE will work with a large team of developers, software engineers, database administrators, and system architects. The ISSE will be required to carry a duty phone on a rotational basis, and may need to come in to address issues that arise.

Responsibilities:

• Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
• Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines.
• Participate in creating secure architectures and designs.
• Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
• Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements.
• Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts.
• Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
• Performing vulnerability scanning and analysis of the system
• Perform remediation and develop security implementations based on security findings
• Interface with Information System Security Managers (ISSM) to develop and accredit the system
• Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief management

Qualifications:

• Active TS/SCI with Polygraph
• Typically requires a Bachelor of Science (BS) degree and relevant experience as follows:
• Expert: 11-16 years
• Hands on experience with Linux (CLI)
• Hands on experience with scripting and programming languages like BASH and Python
• Solid understanding of, experience with networking (e.g., ports, routing tables, subnets, VPNs, firewalls, routers, etc.) to include design, integration and troubleshooting issues
• Experience in working on teams utilizing Agile workflows and processes
• Strong understanding of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and Common Vulnerabilities and Exposures (CVEs)
• Experience with RMF workflow tools

• Identifying, selecting, implementing and assessing NIST SP 800-53 security and privacy controls.
• Developing, establishing and integrating secure configuration baselines per DISA STIGs and CIS benchmark guidelines.
• Participate in creating secure architectures and designs.
• Ensuring security requirements are integrated into the System/Software Development life cycle (SDLC).
• Performing Continuous Monitoring (ConMon) activities to support Assessment and Authorization (A&A) requirements.
• Reviewing, creating and maintaining relevant Assessment and Authorization (A&A) artifacts.
• Performing security analysis and monitoring of a 100 percent AWS, cloud-based system
• Performing vulnerability scanning and analysis of the system
• Perform remediation and develop security implementations based on security findings
• Interface with Information System Security Managers (ISSM) to develop and accredit the system
• Participate in or lead technical exchange meetings, document meeting outcomes as needed, and brief managemen