Security Engineer/ISSO Support at Simple Technology Solutions

RemoteFull-timeRemoteITPosted about 14 hours ago

About the Role

<div class="content-intro">At Simple Technology Solutions, our people are our priority. We know our team members are more than employees—they’re parents, friends, volunteers, artists, and athletes. That’s why we offer flexibility to help them thrive personally and professionally while delivering exceptional solutions to our Federal Government clients. Our culture is built on collaboration, continuous learning, and excellence. We are mentors and thought leaders who share knowledge and foster growth. Recognized as a “Best Place to Work,” we believe a range of perspectives helps us drive innovation and exceed customer expectations. At STS, taking care of our people isn’t a perk—it’s the standard. As a HUBZone company, we also offer special incentives for team members living in qualified HUBZones. Check out the HUBZone map <a href="https://maps.certify.sba.gov/hubzone/map#center=39.828200,-98.579500&zoom=5">HERE</a> to see if you qualify!</div>Simple Technology Solutions is looking for a Security Engineer/ISSO Support to add to our team. Quick Position Overview: <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;">US Citizenship is required</li> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;">Bachelor's Degree is required</li> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;">minimum of 6 years' position related experience is required</li> </ul> <span data-ccp-parastyle="Default" data-ccp-parastyle-defn="{"ObjectId":"272499da-5523-5969-b17c-4f82c0ce3910|1","ClassId":1073872969,"Properties":[469775450,"Default",201340122,"2",134233614,"true",469778129,"Default",335572020,"1",469777841,"Times New Roman",469777842,"Times New Roman",469777844,"Times New Roman",469769226,"Times New Roman",335551500,"0",201342446,"1",201342447,"5",201342448,"3",201342449,"1",469777843,"ＭＳ明朝",201341986,"1",268442635,"24"]}">The Role:  STS is looking for a Security Engineer / ISSO Support specialist to join a federal data engineering team. You will serve as the security and privacy authority on a federal data engineering program, protecting highly sensitive financial data and ensuring the platform meets the full spectrum of federal security requirements from design through production. Deep knowledge of the federal ATO process and hands-on Zero Trust implementation on AWS are prerequisites for this position.    This position is contingent upon contract award.  The Security Engineer / ISSO Support at STS will:  <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Serve as the primary point of contact and subject matter expert for all security assessment and authorization activities; work with the government team in completing the ATO process for integrating new capabilities and support the full federal Software Development Lifecycle (SDLC) </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Implement and continuously maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; ensure security controls are embedded at every layer of the technology stack from storage classifications through IAM roles, network controls, and application security </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Ensure full compliance with FISMA, NIST 800-53, NIST 800-63, OWASP ASVS Level 2, federal software supply chain security requirements, and all agency-mandated security, privacy, performance, and quality requirements </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Engage with the agency's privacy and security teams and the System Owner at the start of every new service, feature, or dataset design to assess information type, security classification, data retention, and whether a System of Records Notice (SORN), Privacy Impact Assessment (PIA), or other formal review is required </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Identify and document what data is collected and why, how it is used and shared, how it is stored and secured, how long it is retained, and how users will be notified in the event of a security breach; ensure compliance with the Privacy Act of 1974 and the Federal Records Act </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="6" data-aria-level="1">Ensure all code submitted to production is free of medium- and high-level static and dynamic security vulnerabilities per OWASP ASVS Level 2; integrate OWASP ZAP, SAST tools, government-provided container analysis tools, and dependency analysis into the CICD pipeline as part of the Definition of Done </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="7" data-aria-level="1">Ensure security scans are conducted at least once per sprint; review, document, and explain all false positives; ensure scan results are visible in the team performance dashboard </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="8" data-aria-level="1">Manage AWS IAM role configurations and naming standards; maintain Secrets Manager credential management and certificate validity across all environments </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="9" data-aria-level="1">Use CloudWatch logging, CloudTrail, and AWS Config to ensure the production environment remains consistent, controllable, and auditable </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="10" data-aria-level="1">Ensure compliance with federal AI governance requirements for all AI/ML platform components; ensure compliance with the Trusted Internet Connections (TIC) Initiative, Section 508, and the 21st Century Integrated Digital Experience Act </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="11" data-aria-level="1">Collaborate with the IV&V team and agency security staff to continuously improve the platform's security posture; support resolution of all security findings within contractually required timelines </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="12" data-aria-level="1">Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub </li> </ul>   Education and Experience:    Required    <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="13" data-aria-level="1">Bachelor's degree or higher in Cybersecurity, Information Systems, Computer Science, or a related field </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="14" data-aria-level="1">6+ years of experience in federal information security with demonstrated experience in an ISSO role or ATO-leadership capacity at a civilian federal agency; financial regulatory agency experience strongly preferred </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="15" data-aria-level="1">Deep working knowledge of FISMA, NIST 800-53, NIST 800-63, and the full federal ATO/SDLC process </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="16" data-aria-level="1">Hands-on experience implementing Zero Trust Architecture on AWS in a FedRAMP-authorized environment including IAM hardening, network segmentation, and application-layer security controls </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="17" data-aria-level="1">Experience with OWASP ZAP, SAST/DAST tooling, dependency analysis, and container security scanning integrated into CI/CD pipelines </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="18" data-aria-level="1">Familiarity with AWS security services: IAM, Secrets Manager, CloudWatch, CloudTrail, AWS Config, and S3 bucket policy and sensitivity classification management </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="19" data-aria-level="1">Experience conducting or supporting Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs) </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="20" data-aria-level="1">Knowledge of the Privacy Act of 1974, Federal Records Act, Section 508, the 21st Century IDEA Act, and applicable federal Zero Trust, AI governance, software supply chain, and TIC mandates </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="21" data-aria-level="1">Experience managing security for systems handling non-public, highly sensitive financial or regulatory data </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="22" data-aria-level="1">Strong written and verbal communication skills; ability to produce authoritative security documentation including PIAs, ATO packages, and OWASP false positive documentation </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="23" data-aria-level="1">Experience in agile federal environments with sprint-based delivery, JIRA, and GitHub </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="24" data-aria-level="1">Must be able to work 8am-5pm Eastern Time regardless of home location </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="25" data-aria-level="1">Active federal public trust suitability determination or ability to obtain one required </li> </ul> <ul> <li style="font-family: 'trebuchet ms', geneva, sans-serif; font-size: 14pt;" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="26" data-aria-level="1">Must be a U.S. citizen </li> </ul><div class="content-conclusion"><div>STS is committed to equal employment opportunity and merit-based employment practices. STS provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination, harassment, and retaliation in all employment practices and decisions in accordance with applicable federal, state, and local laws.</div> <div> Employment decisions at STS are based on individual qualifications, performance, skills, and business needs, without regard to race, color, religion, sex, national origin, age, disability, protected veteran status, sexual orientation, gender identity, genetic information, marital status, or any other status protected by applicable law.</div> <div> This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, compensation, training, transfer, discipline, termination, layoff, recall, and leaves of absence.</div> <div>---</div> <div>Applicants may request removal from our applicant database, or specific information about how the data is used by contacting <a href="mailto:[email protected]">[email protected].</a></div></div>

About the Role

About the Role

Related Roles

About the Role

Related Roles