Simply put, Information Systems Security Engineers (ISSE) secure technology environments through direct implementation (hands-on) and guidance. Often, ISSEs implement the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security and privacy controls as a part of a larger Risk Management Framework (RMF) process to fulfill the Federal Information Security Modernization Act (FISMA). However, ISSEs implement security based on all manner of Information Assurance (IA) requirements including laws, regulation, and policy.
Optimally, ISSEs are engaged early and proactively in the pre-implementation Prepare, Categorize, and Select steps of system development. Sometimes, ISSEs are engaged post-implementation to secure fielded systems.
Beyond designing, developing, implementing, and integrating IA, ISSEs also review security architectures, assess technology environments, and validate and verify that system security requirements are fulfilled. ISSEs also support compliance by reviewing cyber risk documents such as system security plans (SSP) and associated plans of action & milestones (POA&M).
This job description is meant to advertise a range of ISSEs, from a bachelor's degree and 0 years of experience through and including a bachelor's degree and 20 years of experience. More experienced candidates will require certifications to qualify for contract labor categories, such as Security+, Certified Information Systems Security Professional (CISSP), and/or Information Systems Security Engineering Professional (ISSEP).
