Information Systems Security Engineer

Req ID: 284436 

NTT DATA Services strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Information Systems Security Engineer to join our team in Arlington, Virginia (US-VA), United States (US).

Job Description:

An Information System Security Engineer (ISSE) is responsible for the design, development, implementation, and/or integration of an organization’s IA architecture, system, or system component. They ensure that IA related Information Security (IS) will be functional and secure. They define IA requirements that provide for the Government's assessment and authorization process of an IT system. They provide systems security engineering, integration services, technical assessments, and solutions. This includes analyzing the IA/Information Systems environment, helping customers understand information security needs, defining system security requirements, designing system security architectures, developing, and implementing detailed security designs and measures to safeguard information, and assessing information protection effectiveness.

Personnel assigned to this role will serve primarily on the Cybersecurity Services Security Team. This role is responsible for coordinating with other internal teams, sections, or divisions within the organization. These include but are not limited to: IT Operations, Engineering & Integration, Software Operations, and the Office of Investigative Technology. The designated contract team member for the Cybersecurity Services Security team is considered Key Personnel.

Job Duties:

• Responsible for the thorough documentations of implementations, via technical documentation and playbooks.
• Working as an Information System Security Engineer (ISSEs) designing, reviewing, and updating program assets which are going through the Risk Management Framework process for: Security Impact Analysis (SIA’s), Security Assessment Reports (SAR’s), SPAA/SA&A (Security Planning Assessment & Authorization) process as part of continuous monitoring and or accreditation.
• Provide engineering support for Cloud Computing integrations, migrations, architecture, and security in support of Cyber Security Staff, PMO, Assessors, the ISSM, CISO, AO, CO, and or CIO of the organization.
• Monitoring systems to ensure security is implemented at the beginning and throughout the System Developmental Life Cycle (SDLC).
• Reviewing security-related service requests at an enterprise level to ensure that each request is implemented in accordance with agency policies and standards. Works as subject matter expert in guiding programs through the Risk Management Framework (RMF) process steps 1-3.
• Conducts information system security engineering activities.
• Captures and refines information security requirements to ensure that the requirements are effectively integrated into information technology components while thoroughly architecting, designing, and developing the configuration.
• Provide expert-level technical consultation to the development team IPT to support the design process, complex information security architectures, or to upgrade legacy systems.
• Employ best practices when implementing security controls within an information system including software engineering methodologies, and system/security engineering principles, secure design, secure architecture, and secure coding techniques.
• Perform security research, analysis, and design for all client computing systems and network Infrastructure.
• Develop, implement, and document formal security controls, TTPs, and policies throughout the program and monitors compliance.
• Lead the technical aspects of internal security audits and investigations.
• Manage and maintain a library of security audit tools, and corresponding processes.
• Secure custom software applications, operating systems, and COTs products.
• Communicate cyber security language to business stakeholders.

Basic Qualifications:

• MS/MA in Information Technology Management, Business, or task order specific discipline
  • Education Equivalency: High School Diploma + 4 additional years of experience = Associate's Degree; Associate's Degree + 4 additional years of experience = Bachelor's Degree; Bachelor's Degree + 4 additional years of experience = Master's Degree.
• Must be able to successfully complete a DEA background investigation in conjunction with being an active Secret or higher clearance holder and must be eligible for a Top-Secret clearance if requested.
• Minimum 10 years of experience in any combination of:
  • Identifying security issues, risks, and developing mitigation plans.
  • Network, system, software, and/or cloud architecture; design, implementation, support, and evaluation of security-focused tools and services.
  • 8570 Compliant / Sec+ (Mandatory).
  • CSSLP, CISSP, ISSEP, or CASP (Within 6 Months of Hire).
  • Experience with DoD/DOJ vulnerability analysis and Industry Best Business Practices
  • Information System Security, security engineering, integration computer forensics, insider threat, or SPAA.
  • Cyber security/incident response events; architecting, engineering, developing, and implementing cyber security/incident response policies and procedures.
  • Engineering, testing, installing, patching, and upgrading various information security hardware, software, or cloud applications.
  • Experience with the A&A process involving applications on various security domains.
  • Creation, administration, and maintenance of the body of evidence documentation and artifacts required in the A&A process.
  • Experience with NIST 800-53 (REV4/5), 800-37 (REV2), Risk Management Framework (RMF).
  • Experience submitting systems for security scanning, analyzing scan results, and planning and performing remediations.
  • Experience with the security conditions at all layers of an application data, application, user interface, user accounts roles permissions, etc.

Preferred Qualifications:

• Any combination of security engineering experience in the following areas: 
  • SPLUNK, tools (CORE, SOAR, ES, UBA), SIEM, Azure Cloud, AWS cloud, Kubernetes, Docker, Rancher, Linux, or windows command line experience. Familiarity with container orchestration is a plus.
• Experience in DevSecOps, Cloud Security (AWS/Azure).
• Preferred Certifications: AWS Cloud Practitioner, DevOps Engineer, Security.
• Experience with cloud tools: Security hub, Inspector, Lambda, EC2, Cloud Formation, RMF experience, Code review for vulnerabilities.

#FEDSEC

About NTT DATA Services

NTT DATA Services is a recognized leader in IT and business services, including cloud, data and applications, headquartered in Texas. As part of NTT DATA, a $30 billion trusted global innovator with a combined global reach of over 80 countries, we help clients transform through business and technology consulting, industry and digital solutions, applications development and management, managed edge-to-cloud infrastructure services, BPO, systems integration and global data centers. We are committed to our clients’ long-term success. Visit nttdata.com or LinkedIn to learn more.

NTT DATA Services is an equal opportunity employer and considers all applicants without regarding to race, color, religion, citizenship, national origin, ancestry, age, sex, sexual orientation, gender identity, genetic information, physical or mental disability, veteran or marital status, or any other characteristic protected by law. We are committed to creating a diverse and inclusive environment for all employees. If you need assistance or an accommodation due to a disability, please inform your recruiter so that we may connect you with the appropriate team.