Senior System Security Engineer

Job Summary

The Senior System Security Engineer is a senior technical resource responsible for ensuring that delivery on federal contracts meets all federal IT security standards, best practices, policies, and processes in order to deliver federal IT security compliant solutions. This work is a mix of strategy, documentation, negotiations, technical leadership, and hands-on cyber security work for federal Clients. They will be responsible for the management of information in the federal cybersecurity and risk management platforms, such as the Cyber Security Assessment & Management (CSAM) and Xacta platforms, for all federal contracts assigned.

They will be involved in guiding a team to properly document system security boundaries, understanding and assessing security controls, and educating federal Clients on the proper security controls for the solutions our team implements and supports. The Information System Security Officer will interact with all levels of Arctic IT Government Solutions employees, sister companies, partners, and federal Client organizations in the execution of the following essential functions. 

This is a non-supervisory role.

Essential Functions

Security Operations: 

  • Evaluate needs and make recommendations on how to meet IT Security standards and best practices for security operations, including but not limited to, tools, process, policies, etc. 
  • Implement federal IT security standard operational models and maintain them throughout the life of the federal contract 
  • Work with federal Chief Information Security Officer (CISO) and their staff to evaluate and determine the best security controls to be applied to new systems of record and manage the Assessment & Authorization (A&A) process in order to achieve an Authority to Operate (ATO) 
  • Manage the annual reassessment of federal solutions on contracts assigned; this includes tasks necessary to address existing and new Plans of Action and Milestones (POAMs), updating any documentation for A&A, and any other tasks necessary to continue an ATO for assigned systems and solutions
  • Collaborate with information system owners, security officers, developers, and IT operations personnel to conduct system security categorizations in accordance with NIST SP 800-60 and FIPS 199 requirements (as amended) 
  • Document security control selections and apply control tailoring guidance in accordance with NIST SP 800-53 and NIST SP 800-18 (as amended) 
  • Develop initial system security plans and contingency plans aligned with organizational policies and NIST SP 800-18, NIST SP 800-34 (as amended) and security best practices 
  • Monitor threats and take preventive measures as needed on federal contracts assigned 
  • Identify, report, and control security incidents on federal contracts assigned 
  • Train internal team on changes to federal security standards as necessary 
  • Demonstrate subject matter expertise regarding SIEMs, security tools and usage, complex networking concepts, security protocols, operating systems, and system applications
  • Create a process to provide ongoing security checks throughout the Client lifecycle  
  • Communicate known vulnerabilities and remediation/mitigation plans to the team
  • Stay up to date on key industry related security issues and trends, and relay to management and federal Clients as needed 
  • Provide input, including written content, for federal solicitation responses

Qualifications

  • Bachelor’s degree in MIS, Computer Science, or related field highly preferred; may substitute equivalent technical consulting, system administration, or network administration experience in an enterprise environment
  • 5+ years of experience working as a security professional for a federal agency, either as an employee or as a contractor with Risk Management Framework (RMF) 
  • 5+ years of experience in network and system design, access control and implementation 
  • Job-related industry certification, such as CISSP, SANS GIAC, Security+, or Microsoft 365 obtained within 1 year of start 
  • Deep knowledge of cloud technologies and securing cloud environments (such as Microsoft 365, Azure, etc.) 
  • Experience in database security and data storage security 
  • Knowledge of secure development methods 
  • Understanding of scripting languages and technologies such as shell scripting, Perl, JavaScript, VBScript, and/or others 
  • Ability to perform ethical hacking, penetration testing, vulnerability assessments and web application security testing using various tools and provide a summary of issues and best practice resolutions 
  • Experience with (and strong understanding of) virtualization technologies and concepts 
  • Applicants are subject to government security investigations and must meet eligibility requirements related to the clearance process. 
  • Pass background checks as needed.

Working Environment

The majority of work for this role is performed in a home office and involves interacting with a wide variety of people with differing functions, personalities, and abilities. Telecommuters are expected to have sufficient home office space that appears neat, organized, and professional when on video meetings. Travel is required and varies around 25%.

Reasonable Accommodation

It is Arctic Information Technology, Inc.’s business philosophy and practice to provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities.

Preference Statement

Arctic Information Technology, Inc. grants preference to qualified Doyon Shareholders first, and second to qualified shareholders of other Alaska Native corporations that grant a similar preference in all phases of employment and training, which include, but are not limited to hiring, promotion, layoff, transfer, and training.

*Hitting the Apply Now button below will take you to the job posting on the Doyon, Limited website. This is our parent company.

Pay Transparency Statement

Arctic Information Technology will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

Arctic Information Technology Inc. is a Federal Contractor and complies with the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA).

Arctic Information Technology, Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, disability, veteran status, and other protected characteristics. The "EEO is the Law" poster is available at http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf. For questions on the job posting, contact (253) 344-5300.