Information System Security Engineer (ISSE) III

At The One 23 Group, our mission is to set the benchmark for excellence in government services. We empower our clients in the Department of Defense, Intelligence Community, and Federal Civilian sectors to excel with our advanced capabilities. Our dedication lies in fostering a people-first culture, underpinned by steadfast ethical principles. Embracing innovative technologies and process improvements, we are steadfast in our journey toward a future that is both bright and transformative.

Our expertise spans consulting and analytics, digital workplace solutions, and cyber compliance. With our global footprint, we place a strong emphasis on nurturing our people and culture, which forms the core of our successful strategies in leadership and financial management. We pride ourselves on our extensive experience and effective approach, ensuring that we lead with both innovation and integrity.

The contractor shall provide cybersecurity support for the Code 104 Information Technology Operations Division in the area of Information System Security Engineer (ISSE) support. These duties include, but are not limited to:

• Assessment & Authorization (A&A)
• Cybersecurity Compliance and Audit Readiness
• Information Assurance Vulnerability Management (IAVM)
• Vulnerability Scanning and Remediation
• Application and Implementation of Security Technical Implementation Guides (STIGs) and Security Requirements Guide (SRGs)
• The ISSE staff will assist with the developing, maintaining, and tracking Risk Management Framework (RMF) system security plans which include System Categorization Forms, Platform Information Technology (PIT) Determination Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagrams, Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M).
• Execute the RMF process in support of obtaining and maintaining Interim Authority to Test (IATT), AO approval, Authorization to Operate (ATO), and Denial of Authorization to Operate (DATO).
• Identify and tailor IT and CS security control baselines based on RMF guidelines and categorization of the RMF boundary. Perform Ports, Protocols, and Services Management (PPSM). Perform IT and CS vulnerability-level risk assessments.
• Execute security control testing as required by a risk assessment or annual security review (ASR).
• Mitigate and remediate IT and CS system level vulnerabilities for all assets within the boundary per STIG requirements.
• Develop and maintain Plans of Actions and Milestones (POA&M) in Enterprise Mission Assurance Support Service (eMASS).

Requirements

• Bachelor’s degree in computer science, information technology, or an equivalent technical degree from an accredited college or university.
• Seven (7) years professional experience capturing and refining information security operational and security requirements and ensuring those requirements are properly addressed through purposeful architecting, design, development, and configuration; and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations.

IAT-III certification (any of the following):

• CASP+ CE
• CCNP Security
• CISA
• CISSP (or Associate)
• JGCED
• GCIH
• CCSP

Clearance Required: US Citizen, Secret Clearance