Cloud Information Systems Security Engineer (ISSE)

H2 Performance Consulting is subject to the Vietnam Era Veteran's Readjustment Assistance Act as a Federal Contractor and is an Equal Opportunity / Affirmative Action Employer and strives to build a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status. Additionally, as mandated under Executive order 12989, H2 is required to verify employment eligibility of selected candidates through the Department of Labor’s - E-Verify.

H2 Performance Consulting (H2) is seeking a Cloud Information Systems Security Engineer (ISSE). The Cloud ISSE will join our AWS-based cloud operations team, working alongside AWS DSO Cloud Engineers and ITSM Analysts / Developers. This role focuses on developing and maintaining a robust cybersecurity architecture for AWS cloud environments, ensuring compliance with DoD standards, and securing cloud services through the system lifecycle. The Cloud ISSE will provide expertise in risk management, artifact development, and security assessments to achieve and maintain authorizations for cloud systems.

The Cloud ISSE responsibilities will include :

• ​ Develop and maintain a comprehensive cybersecurity architecture for AWS cloud environments, ensuring alignment with DoD Instruction 8510.01 and the Navy Risk Management Framework (RMF) Process Guide (RPG).
• Lead the creation, review, and maintenance of authorization artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs), within the Enterprise Mission Assurance Support Service (eMASS).
• Conduct NIST 800-53 control assessments, technical security testing, and vulnerability scans using tools like ACAS, STIGs, and AWS-native security services to support Authorization to Operate (ATO) processes.
• Manage authorization maintenance activities, including annual security reviews, POAM updates, and compliance with ATO stipulations across Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) models.
• Collaborate with AWS DSO Cloud Engineers to perform security impact analyses for proposed system changes, ensuring secure integration of Infrastructure-as-Code (IaC) and DevSecOps pipelines.
• Leverage Amazon GuardDuty, Amazon CloudWatch, AWS Security Hub, AWS Cloud Trail, and Splunk for event monitoring, log analysis, and incident response to maintain a secure cloud environment.
• Establish and maintain inheritance profiles with AWS Cloud Service Providers to streamline compliance and reduce assessment overhead.
• Support cybersecurity processes, including Command Cyber Readiness Inspections (CCRI), Web Risk Assessments, and other audits, by providing documentation and remediation plans.
• Work with the ITSM Analyst / Developer team to integrate security findings into Remedy workflows for efficient incident and problem management.
• Implement and manage security tools like Trellix, Invicti, and Anchore to identify vulnerabilities and ensure compliance with DoD STIGs and security baselines.
• Provide technical guidance to operations teams on interpreting ACAS and STIG results, ensuring alignment with authorization baselines and secure configurations.
• Develop and recommend improvements to cybersecurity processes, policies, and tools to enhance efficiency and compliance.
• Document security configurations, processes, and lessons learned to support audit readiness and team knowledge sharing.
• Participate in Agile processes, including sprint planning and daily stand-ups, to align security tasks with team objectives.
• Engage with the Cloud Center of Excellence (CCoE) to promote best practices in cloud security and risk management.

Required Qualifications :

Preferred Qualifications :

Qualified candidates may submit their resume to the career section of our company website at  http : / / www.h2pc.com .   All resumes will be reviewed within 5 business days and those candidates we wish to further in the application process will be contacted via email / phone to schedule initial phone screens.