Overview:
Spathe is currently searching for a Information Systems Security Engineer (ISSE) to join our team in the Arlington, VA area.
Spathe Systems is a rapidly growing SOF led, 8(a) defense contractor headquartered in Tampa, FL with offices in Fayetteville, NC and strategic partner locations in Virginia Beach and Coronado. As a small business with a tight knit family feel, Spathe empowers its employees to solve problems and make decisions.
Responsibilities:
- The ISSE will work as part of a team reviewing and assessing Risk Management Framework (RMF) authorization body of evidence for classified information systems, to include: System Security Plan (SSP), Security Control Traceability Matrix (SCTM), Continuous Monitoring Plan, Incident Response Plan, Access Control Plan, Security Assessment Plan, etc.
-
Review new and existing systems for technical compliance with IA directives and protection of data at all classification levels including SCI. Advise on in-depth security design review and threat/risk assessments.
-
Provide inputs to technical artifacts, including Plans of Action and Milestones (POA&Ms), Security Control Traceability Matrices (SCTM), and Risk Assessment Reports (RARs).
-
Conduct site visits and assessments to inspect IA plans and security control implementations and support Incident Response Team (IRT) activities.
Nice to haves:
-
Other Security related certification (Cloud, SIEM, forensics, Linux, Windows, etc)
-
Experience working in a DevSecOps project environment.
-
Formerly or currently a system administrator, developer, or engineer.
-
Experience with OpenRMF, eMASS, MS Active Directory, Splunk, ACAS/Nessus, McAfee, Windows, Linux, AWS Security, etc.
-
Strong verbal and written communication skills. Able to engage with users in a professional manner and present technical concepts plainly to semi-technical customers. Ability to interface with seasoned Government personnel.
-
Ability to work in a matrixed team environment and support multiple different efforts as needed.
-
Desire to learn new technologies and tools and willing to share your experience with the team
-
JSIG or ICD 503 compliance
Qualifications:
Must haves:
-
DoD 8570 IAT Level II certification or higher (Sec+, CISSP, CASP, etc.)
-
Ability to support a hybrid work schedule with 2-3 days per week on-site (Arlington, VA)
-
5+ years of implementing NIST 800-53, Rev 4 and the Risk Management Framework (RMF)
-
5+ years of experience with Windows and Linux environments.
-
5+ years of experience with virtualization or cloud environments.
-
2+ years of using information security and assurance practices and principles.
Clearance Required:
-
An active Secret and willingness to take a Polygraph if/when selected by the client
Job Type:
Work Location:
-
One location – Arlington, VA
Travel:
-
Up to 10% travel during the year.
Benefits:
-
Health insurance
-
Dental insurance
-
Retirement plan
-
Paid time off
-
11 paid holidays per year
Position ID: JF01ISSE