Information Systems Security Engineer; ISSE

Information Systems Security Engineer (ISSE)

Woburn, MA

The Security team at STR is responsible for maintaining compliance with Government protocol and directives. The Classified Cybersecurity (CCS) team includes ISSMs, ISSOs, and ISSEs who are dedicated to maintaining Confidentiality, Integrity, and Availability of our information systems and enabling STR’s portfolio across a broad customer base. This role supports the Cybersecurity/Risk Management Framework (RMF) program for classified programs.

In this role you will collaborate with Cybersecurity professionals (ISSMs, ISSOs), Security professionals (CPSOs, FSOs), and System Administrators from our Classified Information Technology (CIT) organization. You will help ensure overall compliance, manage configuration changes, support security architecture, and stay current with technologies.

Note:

this is not a remote or hybrid role and requires on-site work.

• Conduct vulnerability and compliance scans of Information Systems.
• Support RMF documentation development and control validation testing for Authority to Operate (ATO) accreditations.
• Develop cybersecurity requirements, design, and architecture for current and emerging program needs.
• Implement information assurance and information security protections in program development and execution environments.
• Apply security controls to networking devices, databases, operating systems, and hardware/software components.
• Assist ISSMs and ISSOs in monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate vulnerabilities.
• Conduct reviews and inspections to identify and mitigate security weaknesses and ensure security features are implemented and functional.
• Support Continuous Monitoring requirements in accordance with RMF and NIST SP800-53.
• Perform other tasks as assigned by the manager.

• Security Clearance: Active Top Secret clearance with the ability to obtain SAP and SCI access (U.S. citizenship required).
• Experience: 3–5 years of hands-on Information Assurance/Cyber Engineering experience, including requirements development and implementation.
• Certification: DoD 8570 IAM Level III certification (CISA, CISM, CISSP, etc.) or the ability to obtain within 6 months of hire.
• Familiarity: Knowledge of the DAAPM and JSIG.
• Technical
  
  Skills:
  
  
  • Configuration, certification, and auditing of Windows/Linux OS and virtualization in LAN/WAN environments.
  • Managing DISA STIGs and benchmarks across Windows, RHEL, Ubuntu.
  • IA vulnerability/compliance scanning tools (e.g., NMap, ACAS, Nessus, SCAP).
  • SIEM and centralized auditing tools (e.g., Splunk, Power Strux).
  • Microsoft Deployment Toolkit (MDT) familiarity.
  • Hardening of new IS builds and ensuring full functionality before deployment.
  • Scripting in Windows and/or Linux.
  • Experience with McAfee/Trellix ePO and DLP components.
  • Experience in one or more: AI, Dev Sec Ops , Cloud or Containerization.
  • Experience with NIST SP800-53 control implementation and assessment.
• Attributes: Excellent communication, detail-oriented, self-starter with a focus on STR CCS and CIT processes, a desire for continuous improvement, and the ability to manage multiple fast-changing priorities/projects.

STR is a growing technology company with locations near Boston, MA;
Arlington, VA;
Dayton, OH;
Melbourne, FL; and Carlsbad, CA. We specialize in advanced R&D for defense, intelligence, and national security in cyber, sensors, radar, sonar, communications, electronic warfare, and AI analytics. We are committed to a collaborative learning environment and recognize the contributions of all team members.

We are an equal opportunity employer. If you require a reasonable accommodation during the employment process, please email appassist.

We request voluntary self-identification for government reporting purposes. Completion is confidential and does not affect hiring decisions. See the company’s EEO policy for details.