Information Systems Security Engineer (ISSE)

• Location: Chantilly, Virginia
• Type: Contract
• Job #3339

Information System Security Engineer (ISSE)

Location: Chantilly, VA
*Clearance: *Active TS/SCI w/ Polygraph needed to apply *
Company Overview:
Cornerstone Defense is the Employer of Choice within the Intelligence, Defense, and Space communities of the U.S. Government. Realizing early on that our most prized assets are our employees, we continually focus our attention on improving the overall work/life experience they have supporting the mission. Our Team is pushed every day to use their industry leading knowledge to provide end-to-end solutions to combat our nation's toughest and most secure problems. If you are looking for a place to not only be professionally challenged, but encouraged and supported by a company that cares, don't look any further than Cornerstone Defense.

The team is seeking a highly skilled and experienced Principal Information System Security Engineer to join our team. The successful candidate will bring extensive knowledge and hands-on experience in cybersecurity engineering, risk management frameworks, and secure software development lifecycle management. This role involves leading and managing accreditation efforts, conducting risk assessments, and collaborating with cross-functional teams to ensure the highest standards of information security across our applications and systems.
#DVS

Responsibilities:

• Oversee cybersecurity measures for applications within an agile software environment.
• Manage the assessment and authorization (A&A) efforts for accrediting and reaccrediting system authorizations.
• Utilize common control provider (CCP) knowledge to secure authorization for applications on new platforms.
• Work closely with stakeholders to ensure seamless decommissioning and accreditation of replacement systems with no downtime.
• Conduct technical exchange meetings (TEMs) and liaise with key departments to facilitate A&A efforts.
• Track and manage Plan of Action and Milestones (POAMs) across all systems, ensuring completion and recommending remediation steps.
• Conduct system self-scans to support initial, update, and reaccreditation efforts.
• Perform technical planning, system integration, verification and validation, and risk assessments.
• Create Basis of Estimate (BOE) documentation and other critical artifacts for system A&A efforts.
• Develop and document security evaluation test plans and procedures.
• Provide documentation and recommendations for security best practices and risk management framework (RMF) accreditation.
• Drive application security and secure software development lifecycles, including containerization security as per NIST SP 800-190.
• Conduct hands-on security testing, analyze test results, and recommend countermeasures.
• Provide guidance on cloud computing services, deployment architecture, and network management tools.
• Review project requirements and assist in the development and tracking of project tasks and client deliverables.
• Communicate with clients on project-specific activities and manage project-related deliverables.
• Facilitate process working groups to analyze existing processes and create new business strategies.

Here's What You'll Need:

• TS/SCI with Poly
• Bachelor's Degree in Security and Intelligence, or a related field.
• CompTIASecurity+ CE, AWS Advanced Architect, and Splunk Fundamentals 1 and 2 certifications.
• Extensive experience in information system security engineering, risk assessment, and vulnerability management.
• Strong understanding of cloud computing services, secure software development lifecycles, and containerization security.
• Proficient in creating and maintaining security documentation and Standard Operating Procedures (SOPs).
• Demonstrated experience in leading technical exchange meetings, managing project deliverables, and ensuring compliance with security standards and policies.