What is the salary for this Information Systems Security Engineer (ISSE)/ISSO role?

Salary information is not publicly listed for this position. Apply directly to discuss compensation with Computer World Services.

Where is this Information Systems Security Engineer (ISSE)/ISSO position located?

This is an on-site position at Computer World Services located in Falls Church, VA.

How do I apply for this Information Systems Security Engineer (ISSE)/ISSO job at Computer World Services?

Click the 'Apply' button on this page to be redirected to Computer World Services's application portal. Make sure to have your resume ready and tailor your application to highlight relevant experience.

What is Computer World Services?

Computer World Services is actively hiring for Engineering roles. Visit the company page to see all open positions and learn more about working at Computer World Services.

Information Systems Security Engineer (ISSE)/ISSO

Computer World Services Falls Church, VA Today

engineering

The mission of the OFR is to support the Financial Stability Oversight Council (FSOC) in promoting financial stability by: collecting data on behalf of FSOC; providing such data to FSOC and member agencies; standardizing the types and formats of data reported and collected; performing applied research and essential long-term research; developing tools for risk measurement and monitoring; performing other related services; making the results of the activities of the OFR available to financial regulatory agencies; and assisting such member agencies in determining the types of formats of data authorized to be collected by such member agencies.

Design, develop, engineer, and implement solutions to MLS requirements. Perform complex risk analyses which include risk assessment, SIEM-based threat detection and monitoring, and secure code review processes to identify and mitigate security vulnerabilities throughout the development lifecycle. Establish and validate information assurance and security controls based upon the analysis of user, policy, regulatory, and incorporating vulnerability scanning results, SIEM alert correlation, and code analysis findings into security posture assessments. Perform analysis, design, and development of security features for system architectures that incorporate vulnerability management capabilities, SIEM integration points, and secure code review checkpoints to ensure comprehensive security coverage across all system components.

This highly technical role requires deep understanding of modern cybersecurity engineering principles, control validation, including security-as-code, infrastructure-as-code, and DevSecOps practices. The engineer should have proven experience conducting security assessments, hands-on experience managing a vulnerability management program, reviewing and recommending detection rules, incident response playbooks, and performing regular audits of security controls and access management systems.

Key Tasks & Responsibilities

To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems and provide accurate accounting and tracking for risks and findings.

Conducting comprehensive vulnerability management using Nexpose, Rapid7, and Qualys platforms to identify, prioritize, and remediate security vulnerabilities and configuration baselines across the enterprise infrastructure.

Implements automated container vulnerability scanning tools, such as AWS Clair, to identify and evaluate critical findings.

Perform application security testing using Fortify WebInspect to assess web applications for security flaws and conduct thorough code reviews using Veracode to identify vulnerabilities in source code.

Create custom queries and generate detailed reports in Splunk to support security monitoring, incident analysis, and compliance reporting.

Tracked, monitor and report on Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA), continuous monitoring activities, vulnerability scans, application security tests, and code analysis will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making.

Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted.

Serving as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring).

Education & Experience

Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls to measure the effectiveness of controls and identify control gaps

Ensure compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies

Preparing Security Authorization Packages and including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations memorandums

Identify, assess, and prioritize identified risks

Collect evidence, artifacts, and document findings to support conclusions

Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies

Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)

Coordinate third-party risk assessments and IT audits

Manage remediation efforts and report on the status of control deficiencies

Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)

Strong written and verbal communication skills; must be able to effectively communicate with all levels of staff up to executive-level management, customers (internal and external), and vendors.

Ability to work effectively under pressure; previous experience as an emergency medical responder, firefighter, or related high-pressure environment preferred but not required

Familiar with basic python, JSON, and/or PowerShell

Familiar with AWS Cloud Services - EC2, VPC, S3, RDS, CloudFormation, Systems Manager, CloudWatch, Security Hub

Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10

Certifications

Certified Information Security Professional (CISSP) preferred

Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent

Security Clearance

Public Trust High (Tier 4/BI) Risk Level

Must be a US citizen

Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)

D.C. or Remote

Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.

Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Human Resources at hr@cwsc.com