Information Security Engineer
Gravity IT Resources
Job Title: Information Security Engineer
Job-Type: Direct hire
Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).
Gravity is hiring an Information Security Engineer. The Information Security Engineer, ISSO Liaison is responsible for being the primary liaison between the information security team, system owners, system ISSOs and other constituents with regard to the ongoing effectiveness of security controls. The ISSO Liaison ensures that the appropriate operational security posture is maintained for a portfolio of information systems and works in close collaboration with the system ISSOs and information system owners.
The ISSO Liaison serves as a principal advisor on all matters, technical and otherwise, involving the security of an information system. The ISSO Liaison has the detailed knowledge and expertise required to translate the security needs of information systems into technical requirements leveraging the knowledge of the System ISSOs, System Security Architects and the Chief Information Security Architect. The ISSO Liaison has the skills necessary to support security related work by working with ISSOs and product owners to maintain the focus and capacity to sustain security initiatives and to identify and remove obstacles to their success.
- Lead system owners and system ISSOs in maintaining accurate and up-to-date information regarding information system security control deployment and effectiveness
- Assist in the development and stakeholder compliance of established security policies and procedures.
- Play an active role in the monitoring of systems and their environments of operation including, but not limited to, working with constituents who are developing and updating the security plan, managing and controlling changes to the system, and assessing the security impact of those changes.
- Collaborate with System Owners, System ISSOs and Security Architects to create technical requirements from NIST-based control descriptions.
- Facilitate the creation of Plans of Action and Milestones (POAMs) to correct control deficiencies
- Coordinate the execution of POAMs with System Owners and System ISSOs
Skills & Requirements:
- Bachelor’s degree in Cybersecurity or related field preferred, not required.
- ISC2 and/or SSCP certification preferred, not required.
- Minimum of 5 years’ experience in IT Security field
- Minimum of 3 years’ experience as an Information Systems Security Officer or similar role
- Thorough understanding of the practical application of NIST 800-53 Security and Privacy Controls for Information Systems
- Strong project management skills
- Ability to create and implement security plans for information systems
- Hands-on experience leading the creation and execution of Plans of Action and Milestones to remediate security control deficiencies
- Experience facilitating ISSOs in the execution of their job functions in a matrixed organization
- Ability to effectively translate policies into technical requirements and back again
- Ability to effectively index large volumes of information for multiple constituencies