Security Engineer / ISSO Support
Based in the United States, Eastern Time | Full-Time | Senior
Salary not disclosed
Job Details
- Experience: 6+ years
- Required Skills: AWS, CI/CD
Requirements
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field.
- 6+ years of experience in federal information security, including ISSO responsibilities or ATO leadership within a civilian federal agency.
- Strong expertise in FISMA, NIST 800-53, NIST 800-63, and federal ATO/SDLC processes.
- Hands-on experience implementing Zero Trust Architecture in AWS, including IAM hardening, segmentation, and cloud security controls.
- Proven experience with CI/CD security tooling such as SAST, DAST, OWASP ZAP, and container vulnerability scanning.
- Deep knowledge of AWS security services including IAM, CloudTrail, CloudWatch, AWS Config, and Secrets Manager.
- Experience supporting or authoring PIAs, SORNs, and federal privacy/security documentation.
- Strong understanding of federal compliance frameworks including TIC, Section 508, 21st Century IDEA Act, and software supply chain security requirements.
- Excellent communication skills, with the ability to produce detailed security documentation and engage both technical and non-technical stakeholders.
Responsibilities
- Serve as the primary ISSO and security subject matter expert supporting ATO processes and federal system authorization activities across the full SDLC.
- Design, implement, and maintain Zero Trust Architecture (ZTA) across AWS environments, ensuring security controls are embedded at every layer of the stack.
- Ensure compliance with federal standards including FISMA, NIST 800-53, NIST 800-63, OWASP ASVS Level 2, Privacy Act, and Federal Records Act requirements.
- Integrate security testing tools (SAST, DAST, OWASP ZAP, container scanning, dependency analysis) into CI/CD pipelines and enforce secure delivery practices.
- Manage AWS security services (IAM, Secrets Manager, CloudWatch, CloudTrail, AWS Config) and enforce secure configuration and logging standards across the environment.
- Support Privacy Impact Assessments (PIAs), System of Records Notices (SORNs), and documentation of data usage, retention, and protection policies.
- Collaborate with engineering, IV&V teams, and government stakeholders to resolve security findings and continuously improve system posture.
- Ensure auditability and compliance of production environments through monitoring, logging, and continuous security validation.
- Participate in Agile ceremonies, sprint planning, and DevSecOps delivery cycles using JIRA and GitHub.