Information Systems Security Engineer

Information System Security Engineer (ISSE) Role

CAE is seeking an Information System Security Engineer (ISSE) for providing technical expertise and support to CAE programs and Cybersecurity staff. The ISSE's priority is responsibility for management, implementation, and testing of our Program's Cybersecurity Requirements.

The ISSE is involved in most cyber-related technical decision making on programs. Involved in producing artifacts for the ATO's body of evidence. Participates with software and hardware approvals assisting with research and providing analyses. Assesses risk and making recommendations. Produce Cybersecurity Impact Evaluations (CIE) to be reviewed/approved by the customer (for system changes). Thorough grasp of the Cyber requirements and system capabilities. The ISSE and the ISSE's knowledge are required and must be on hand for the Authorization Event. Understands and helps define system architecture. Understands the security requirements and the tools required to satisfy those requirements. Grasp of simulator components interact and communicate.

Essential duties and responsibilities include assisting in preparing, maintaining, and implementing SSPs, under ISSM oversight, for government approval. Participate in update/management of SCTM. Assist in authoring and updating the Risk Assessment Report (RAR). Assist in creating and maintaining System Diagrams, Data Flow Diagrams, Boundary diagrams. Update of Ports Protocols and Services. Assist in POA&M Management. Participate in Creating and executing the Security Assessment Plan/Procedures. Assist in gathering COVs/LOVs and maintaining the sanitization plan. Facilitate Software/Hardware Approvals. Assist in Technical Security Management: Firewalls, Data Protection Controls, Patching, Encryption, Certificates, vulnerability scanning (ACAS/SCAP/E-STIG). Continuous Monitoring · Patch/STIG · Annual ATO Package Review · Peer Reviewing program security documents. Attending and presenting in Design reviews, Program Meetings, Technical Interchange Meetings and IPT meetings. Assist in compliance monitoring. Reviewing, evaluating, and updating STIG Checklists. Participate in providing input to Proposal cost and technical volumes. Assist in Cost Account Management. High level system administrator skills under Windows or Linux (prefer both). Experience with Software Development. Experience with Configuration Management (version control).

Qualifications and education requirements include a B.S. degree in Computer Science, Computer Engineering, Information Technology, Electrical Engineering or other technical equivalent. Five years directly related experience in implementation of DOD security requirements and contractor/government information security. At least one of DoD 8570.01-M Information Assurance Management (IAM) Level II Approved Baseline Certification (CAP, CASP+CE, CISM, CISSP (or Associate), GSLC, or CCISO). Experience with NIST Special Pamphlet (SP) 800-37 Guide for Applying the Risk Management Framework, NIST SP 800-53 Rev. 5 Security and Privacy Controls for Federal Information Systems and Organizations. Experience documenting compliance/non-compliance of security controls in the Enterprise Mission Assurance Support Service (eMASS). Incumbent must hold current or be eligible for DOD Personnel Security Clearance at Top Secret level. Thorough knowledge and experience with the NISPOM, DOD security related instructions and directives, specific services' security related regulations required. Extensive experience with hardware/software platforms to include MS Windows, Linux, UNIX. Military service or military environment familiarity, customs/protocol experience preferred. Ability to communicate, interact and collaborate with management, executive personnel and military personnel including senior officer levels required. Detail oriented; work with minimal supervision, analytical and problem-solving capability. Direct experience with classified DoD networks. Experience obtaining and maintaining ATO for classified network. Must maintain IAM required Certification(s).

Security responsibilities include complying with all company security and data protection/usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside company without management approval. All government and proprietary information will be accessed and stored electronically on company provided resources. Incumbent must be eligible for DoD Personal Security Clearance.

Work environment includes duties performed in an office environment and manufacturing facility. Must be able to work overtime, on and off-shifts as required. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Employee is regularly required to sit, talk or hear, in person, in meetings and by telephone. Manual dexterity to operate computers or other standard office equipment; and reach with hands and arms. Able to support rack mounted equipment (up to 7 feet off the ground).

Other duties include the possibility of changing duties, responsibilities, and activities at any time with or without notice. CAE USA Inc. is an equal opportunity employer, and all qualified applicants will be considered for employment without regard to any protected characteristic, including disability and protected veteran status, as defined under federal, state, or local laws. Applicants needing reasonable accommodations should contact their recruiter at any point in the recruitment process.