ISSE

Information Technology Washington, District Of Columbia


Description

  1. a) Oversee the development of new systems and the configuration management of existing systems;
  2. b) Create initial risk assessments or security impact analysis which identify security risks related to new systems, or change requests to existing systems and recommendation for applicable security controls or compensating controls;
  3. c) Serve as a member of the Information Security team and perform technical activities for delivering effective host, network, data, and application security services;
  4. d) Have primary responsibility for security platforms in the production environment, as well as development environments.

The ISSE’s responsibilities include security oversight of system deployments, system and component configuration, monitoring and reporting. This position will have a role in performing security impact assessments, security testing, and working with operations and development teams on remediation and mitigation of findings.

The ISSE’s primary role will be to provide support to planning, designing and implementing security controls which safeguard and monitor events for information systems, enterprise applications and data.

The ISSE shall provide information system security engineering support to verify and validate proposed architectures and implementations based on sound security engineering principles and practices. ISSE should have experience performing IT product security specification reviews and have prior experience in creating Security baselines for Information systems and must perform a Security Impact analysis for all exceptions or deviations.

In addition to the above, the ISSE shall:

  1. a) Identify security requirements and provide input to the system design to ensure the proper controls are built-in;
  2. b) Participate in planning and executing in the system development life cycle of new system cycles;
  3. c) Conduct risk analysis and update the risk assessment report for all changes to the FISMA systems; and
  4. d) Provide a security impact analysis to include but not limited to the change to the overall system risk rating and posture and documentation that is impacted requiring updates.