Information System Security Engineer

Guidehouse
Washington, DC
5d
$113,000 - $188,000


Requirements

  • US Citizenship is required
  • Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred
  • Minimum of SEVEN (7) years of progressive experience in cybersecurity engineering
  • Minimum of THREE (3) years of experience in a federal civilian or DoW IT environment with direct involvement in NIST RMF (SP 800-37), FedRAMP, or equivalent authorization processes.
  • Demonstrated experience defining or modifying system security boundaries in environments undergoing cloud migration or infrastructure modernization.
  • Hands-on experience with at least three of the following: VMware/vSphere administration, AWS cloud services (VPC, IAM, CloudTrail, GuardDuty), network security (firewalls, IDS/IPS, TIC architectures), vulnerability management platforms (Tenable, Qualys), SIEM/monitoring platforms (Dynatrace, Splunk, or equivalent), load balancers and application delivery controllers (F5, etc.), and enterprise identity and access management.
  • CISSP (Certified Information Systems Security Professional) – Active and in good standing AND at least one of the following:
      • CCSP (Certified Cloud Security Professional)
      • AWS Security Specialty Certification
      • CISM (Certified Information Security Manager)
      • CASP+ (CompTIA Advanced Security Practitioner)

Nice To Haves

  • Experience with ColdFusion, .NET, and other legacy application environments and associated security considerations.
  • Familiarity with Oracle database security hardening and monitoring.
  • Experience with GRC platforms such as Archer, Xacta, eMASS, or RegScale.
  • Knowledge of CISA BOD compliance requirements, including BOD 22-01 (Known Exploited Vulnerabilities) and BOD 23-01 (asset visibility).
  • Experience developing or contributing to agency-level cybersecurity policies and procedures.
  • Prior experience supporting OIG audits or FISMA reporting requirements.
  • Familiarity with federal acquisition and contractor oversight from a security requirements perspective.
  • Public Trust Clearance or ability to obtain one

Responsibilities

  • System Boundary Analysis: Define and maintain system security boundaries across hybrid cloud and on-premises environments, including AWS & Azure CSPs, VMware infrastructure, and legacy datacenter assets.
  • Authorization Package Development: Author and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related NIST RMF artifacts for all OCIO-managed systems.
  • Continuous Monitoring: Implement and oversee continuous ATO processes aligned with NIST SP 800-137 and OSCAL-based automation, ensuring real-time visibility into system posture.
  • Control Inheritance Mapping: Map technical controls across shared service environments, identifying common controls, system-specific controls, and hybrid inheritance relationships as systems migrate to cloud.
  • GRC Tool Administration: Manage the ingestion of infrastructure telemetry, vulnerability data, and configuration baselines into GRC platforms to automate compliance evidence collection.
  • Network Security Architecture: Evaluate and advise on network segmentation, firewall rules, TIC 3.0 compliance, F5 load balancer configurations, DNS security, and encrypted transit between enclaves and cloud environments.
  • Cloud Security Posture: Assess and harden CSP environments including VPC design, Security Groups, IAM policies, CloudTrail/GuardDuty integration, and encryption-at-rest/in-transit configurations.
  • Vulnerability Management: Collaborate with the SOC team and infrastructure teams to contextualize vulnerability findings from Tenable and similar tools, prioritizing remediation based on exploitability, exposure, and mission impact—not just CVSS scores.
  • Infrastructure Security Reviews: Conduct security assessments of proposed architecture changes, migration plans, and new technology deployments.
  • Incident Support: Provide senior-level technical analysis during security incidents, bridging the gap between SOC triage and executive risk communication.
  • ISSO Liaison: Work alongside ISSOs to translate technical system changes (network reconfigurations, cloud migrations, new integrations) into risk language and updated authorization documentation.
  • SOC Mentorship: Elevate the SOC team’s understanding of governance context, helping analysts understand how their detection and response activities map to broader risk management and compliance objectives.
  • Technical Translation: Serve as the connective tissue between infrastructure engineers, application teams, ISSOs, and leadership—ensuring security decisions are informed by both technical facts and organizational risk tolerance.
  • Vendor Coordination: Engage with contractors and vendors on security requirements, ensuring deliverables meet federal security standards.

Benefits

  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Position may be eligible for a discretionary variable incentive bonus
  • Parental Leave and Adoption Assistance
  • 401(k) Retirement Plan
  • Basic Life & Supplemental Life
  • Health Savings Account, Dental/Vision & Dependent Care Flexible Spending Accounts
  • Short-Term & Long-Term Disability
  • Student Loan PayDown
  • Tuition Reimbursement, Personal Development & Learning Opportunities
  • Skills Development & Certifications
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Emergency Back-Up Childcare Program
  • Mobility Stipend