Information Systems Security Engineer (ISSE) - Vulnerability Analyst

About the Team:

The Classified Cyber Security team at STR is comprised of highly skilled professionals who are responsible for maintaining compliance IAW with Government protocol and directives. 

The Classified Cybersecurity (CCS) team consists of a collaborative group of ISSM’s, ISSO’s, and ISSE’s who are passionate about national security that take great pride in maintaining confidentiality, integrity, and availability of our Information Systems and enable execution of STRs portfolio of programs across a vast customer base. 

The Role:

STR has an exciting opportunity for a cybersecurity professional to join our established Cybersecurity/Risk Management Framework (RMF) program as a key contributor for classified programs.

In this dynamic position, you will interface and collaborate with other Cybersecurity professionals (ISSMs, ISSOs, ISSEs), Security professionals (CPSOs, FSOs), and System Administrators from our Classified Information Technology (CIT) organization.  The role will focus on Vulnerability Management across STR’s classified computer networks. This includes managing configuration changes to STR's baseline software and hardware, supporting security architecture improvements, and patch process for current and future technologies.  The ideal candidate is expected to bring strong technical skills to enhance STR Vulnerability Management processes, along with a demonstrated eagerness to learn and develop within the classified lab ISSE function.

 Please note: This is an onsite role and does not offer remote or hybrid work options.

Responsibilities:

• Review, track, and manage IA Vulnerability (IAVA) announcements (e.g., US-CERT, CISA, vendor alerts, etc.) applicable to STR’s classified networks, ensuring they are communicated to stakeholders and tracked to closure.
• Perform vulnerability/compliance scanning and remediation tracking.
• Perform monthly patch testing for all classified network supported operating systems, applications, and hardware (i.e. firmware, BIOS, appliances – switch, firewall, etc.).
• Prepare System Impact Assessments from the monthly patch testing for communication to the Classified Network Enterprise Configuration Control Board.
• Prepare and provide metrics on vulnerability status, patch compliance, and the overall risk posture of the various classified networks.
• Proactively identify potential improvements to the patching processes primarily for 3rd party vendors and firmware updates.
• Assist ISSMs, ISSOs, ISSEs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional.
• Support the completion of Continuous Monitoring requirements in accordance with RMF and NIST SP800-53 standards.
• Perform other tasks as assigned by the manager.

Who You Are:

• Security Clearance: Active Secret security clearance with the ability and willingness to obtain Top Secret, SCI, and/or SAP access (U.S. citizenship required).
• Experience:
  • 2-3 years of hands-on technical experience in Information Assurance/Cyber Engineering or System Administration in the Defense Industrial Base (DIB)
  • Experience with Windows Server Update Services (WSUS) and Linux patching
• Certification: Minimum of a DoD 8140/8570 IAT Level II certification (Security+) with the willingness and ability to obtain Level III (CISSP, CISM).
• Knowledge: Knowledge of NIST SP800-53 control implementation and assessment, looking to learn and advance in Cybersecurity field.
• Familiarity: Knowledge of the DCSA Authorization and Assessment Process Manual/Guide (DAAPM/DAAG) and the Joint Special Access Implementation Guide (JSIG).
• Technical Skills:
  • Configuration, certification, and auditing/analysis of Windows/Linux operating systems and system virtualization in peer-to-peer, LAN & WAN networks.
  • Using IA vulnerability/compliance scanning tools (e.g. NMap, ACAS, Nessus, Security Content Automation Protocol (SCAP)).
  • Familiarity with scripting in Windows (PowerShell) and Linux (Bash, Ansible) to enhance deployment of patches to systems.
• Attributes: Excellent communication skills, detail-oriented, self-starter with a focus on understanding STR CCS and CIT processes and procedures. A desire for continuous improvement while working in a team environment and the ability to handle multiple fast-changing priorities/projects effectively. Well-organized, with the ability to track multiple issues and establish processes to assist the team in tracking items to closure.

Pay Information
Full-Time Salary Range: $105,000-$145,000

The salary range listed is based on external market data. Offers are based on factors, such as but not limited to, the candidate’s experience, education, training, key skills/critical skills, security clearances, and prevailing market and business conditions.