ISSE (TS/SCI CI Poly)

Zachary Piper Solutions is seeking Information System Security Engineers to support a proprietary Intelligence program in Chantilly, VA. The team is seeking security engineers to support security requirement identification, compliance, and policy implementation for a classified intelligence environment.

Clearance: Active TS/SCI CI Polygraph Clearance

Location: Chantilly, VA (100% On-site)

Shift: Standard, M-FR

Number of openings: 2

Responsibilities of the ISSE:

• Provide IA security requirements to update system requirement documents
• Coordinate IA matters with other directorates and external partners as necessary
• Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.
• Validate and verify system security requirements definitions, analysis, and establish system security designs
• Validate proposed software, hardware, firmware, and infrastructure comply with security guidelines, policies, and procedures
• Apply knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
• Toolkits, SEIMs, LogRhythm, ACAS/Nessus/SCAP, mandatory/role-based access control concepts (e. g. SE Linux extensions to RHEL, PitBull, and Windows), Oracle/MS SQL database security, and Apache/IIS Web server security.
• Support security planning, assessment, risk analysis, and risk management.
• Identify overall security requirements for the proper handling of Government data.
• Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
• Review certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.
• Support security authorization activities in compliance with Information System Certification and Accreditation Process (ICD 503), the NIST Risk Management Framework (RMF) process, and prescribed ICs business processes for security engineering.

 Qualifications of the ISSE:

• Active TS/SCI CI Polygraph required in order to be considered
• Bachelor’s degree from an accredited college in a related discipline and 5+ years of prior relevant experience
• 4+ years of experience as an ISSE/ISSO on programs and contracts of similar scope  
• IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification required
• Experience implementing NIST Risk Management Framework process
• Experience reviewing certification and accreditation
• Experience with Acas/Nessus/SCAP

Compensation of the ISSE:

• Total compensation based on experience level - $130,000 - $150,000 **based on experience level**
• Full Benefits: PTO, 11 Paid Holidays, Cigna Medical, Dental, and Vision, 401k with ADP
• Certification reimbursement
• Contract mobility and job stability – Contract through 2026

Keywords: cyber, ISSO, Information system security, NIST, RMF, Risk management framework, A&A, vulnerability, Nessus, ACAS, SCAP, Oracle, compliance, policy, STIG, NIST, POA&M, IA, risk management, risk assessment, security assessor, ISSE, information system security engineer, officer, cybersecurity, networks, threat analysis, trend analysis, arcsight, splunk, wireshark, sharepoint, windows, vulnerability, cyber operations, GCIH, GSEC, MITRE ATT&CK, cyber kill chain, SOC, security operations, SME, subject matter expert, malware, red team, blue team, poly, vulnerability exploitation, ITIL, ITIL v3, sec+, security+ CE, CCNA Security, CySA+, GICSP, GSEC, SSCP, stigs, stig, ts/sci, top secret/sci, security clearance, bachelors, network defense, network defense operations, triage of events, CEH, APT, TTP, advanced persistent threat, tactics, techniques, procedures, information assurance, CND, computer network defense, CI polygraph, counter intelligence, counterintelligence, SOC, security operations center, intelligence, intelligence agency, threat reporting, cyber threat, COTS, security principles, threat hunting, reporting, briefing, protocols, operating system, OS, DOD, department of defense, Chantilly, springfield, Virginia, cyber intelligence, security tools, GSEC, SSCP, CCNA, NOC, network operations center, network traffic, bachelors, masters, government, Federal, federal systems, ACAS, NESSUS, exploitation, exploit, network monitoring