Information System Security Engineer

Job Description

Founded in 1989, SOSi is among the largest private, founder‑owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

SOS International LLC is seeking a [TITLE] to join our team in [work location]. A Systems Engineer is responsible for designing, implementing, and maintaining the systems and infrastructure necessary to support the technical operations of an organization. This role involves an in‑depth understanding of both hardware and software components, as well as the ability to troubleshoot complex issues and provide innovative solutions.

• Perform technical engineering evaluations and assessments of high‑risk Cross Domain Solutions (CDS) to determine the suitability and compliance of its components with Joint, DOD, and AF policies, and configuration and security guides.
• Determine the suitability of the CDS components and/or systems in relation to installation, modification, relocation, and/or removal.
• Conduct CDS technical engineering evaluations and assessments based on the Risk Decision Authority Criteria (RDAC) developed by the National Security Agency (NSA) for CDS hardware, software, firmware, and systems comprised of those components.
• Derive transfer processing threat, identity threat, policy threat and corresponding policy by‑pass threat, and site mitigation risk ratings with sufficient justification to receive approval/authorization from CDS forums including:
  National Security Agency (NSA), Connection Approval Office (CAO), DoD Information Security Risk Management Committee (DoD ISRMC), Cross Domain Technical Advisory Board (CDTAB), National Cross Domain Strategy and Management Office (NCDSMO) Defense Security / Cybersecurity Accreditation Working Group (DSAWG) community.
• Accomplish documentation detailing the transfer processing risk introduced by a CDS to include measures taken to protect the confidentiality, availability, and integrity of information before and after it transits the CDS as well as data at rest.
• Identify and provide mitigation recommendations in the environment in which the CDS will operate.
• Interpret scan and test results and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
• Recommend risk mitigations to ensure CDSs meet an acceptable level of risk for issuance of an Authority to Operate (ATO).
• Conduct extensive reviews of technical documentation including CDS Appendices, CDS Validation Approval Requests, system topologies, Lab‑Based Security Assessments (LBSA) and Site‑Based Security Assessments (SBSA) plans and reports.
• Assess authenticator management, intrusion management, partner identity management, location security, and technology and data risk mitigations.
• Perform engineering studies in support of complex mission critical CDS systems and deliver draft technical documents, reports, briefings, and other correspondence to the government.
• Coordinate with Authorizing Officials (AOs), PMOs, user reps, and system owners to maintain Risk Management Framework (RMF) packages, conduct risk and vulnerability assessments, provide support to the CDS approval processes, and perform other IA support duties.
• Develop and submit recommended policy directives, instructions, manuals, standards, strategies, visions, mission statements, goals and objectives as they apply to CDS.
• Provide ad hoc reports and briefings with information such as metrics, meeting minutes, inputs for Joint Approval Boards, and updated status of operational CDSs.
• Travel Requirements:
  Travel between Scott AFB, IL and other CONUS/OCONUS locations may be required under this task order.

• Bachelor's degree in Communications or Security is mandatory.
• Active SECRET security clearance is a non‑negotiable prerequisite.
• Minimum of four years of relevant professional experience is required.
• Demonstrated proficiency in National, DoD, and AF Information Assurance (IA) policies, procedures, and objectives is essential.
• DoD 8570.1 IAM Level II certification (CAP, CASP+CE, CISM, CISSP or…