Information Systems Security Architect

Job Description

The Information Systems Security Engineer is vital position that informs and advises all levels of the information security process when developing and certifying systems for secure operations on the customer's network.

The ISSE first must determine the client’s security requirements and then take measures to build systems around those requirements to maintain the security of systems and information.

The ISSE designs the architecture of an information system (IS) and chooses the pieces of the system used to perform the needed functions.

The ISSE then prepares a security design for the system and chooses the components to instill system security measures. This can involve selecting commercial off-the-shelf (COTS) software or custom products.

Next, the ISSE implements system security by ensuring that the entire system works as planned. This includes testing and documenting the entire system and may include training people on the systems.

Required Skills

• Possess multi-tasking skills, as well as be a good communicator / facilitator. Comfortable at all levels from developer to senior staff.
• Knowledge of the complex network environments involving shared networks and multiple security enclaves.
• Possess the ability to bridge the technical implementation (i.e. developer talk), into commonly understood security words.

Often this is a skillset and is not an actual language, but frequently translation or a basic understand needs to be conveyed by the ISSE when speaking with others or in writing the documentation in order to ensure it’s easy to understand.

• Document the various security control implementations as well as gather the artifacts that support the Risk Management Framework (RMF) and ICD 503 Security Accreditation for various Assessment and Authorization (A&A) efforts
• Document and obtain a general understanding of the architecture being developed or that was developed for each project in order to write the Systems Security Plans (SSP) / CONOPS in the customer’s compliance applications.
• Gather the information by working with various team members in order to write various additional A&A related documents such as Contingency Plan (CP), General User Guide (GUG), Privileged User Guide (PUG), Standard Operating Procedures (SOP’s), etc.
• Support Accreditation and Authorization (A&A) reviews by ISSO / M, as well as the Security Controls Assessor (SCA)
• Document the Plans of Actions and Milestones (POA&Ms) implementation responses or mitigations, as well as provide all required artifacts (i.

e. evidence gathering from the teams)

• Coordinating with various contractor and staff personnel to obtain the A&A content, as well as working with various customer security organizations to navigate the customer’s A&A process in order to achieve Authority to Develop (ATD), Interim Authority to Operation (IATT), as well as Authority to Operate (ATO).
• Keep track of where each of the various A&A projects are within the customer’s A&A process in order to know when it’s time to re-submit for accreditation or an accreditation extension.

Desired Skills

• Previous ISSE experience directly supporting the customer.
• Previous ISSO experience directly supporting the customer is also helpful.
• Various security tools and reports such as RoadRunner, Rapid 7, WebInspect, App Detective, and Splunk
• Public, private and hybrid Cloud experience (AWS, Microsoft Azure, etc.)
• Virtualization experience (VDI & VMWare)
• Basic knowledge is helpful, but not required for the following general topics : Cloud security control implementation, PKI implementation, STIG compliance and vulnerability management, and Security Development and Operations (SecDevOps)
• CISSP, or GSLC
• Basic Excel and Microsoft Office365

About WarCollar Industries

COVID-19 Vaccination Policy :

Prospective and / or new employees will be required to adhere to the customer’s vaccination policy.

About us :

WarCollar Industries, LLC is a veteran-owned small business. We maintain a team of cybersecurity experts committed to protecting complicated data and distribution systems and providing decision makers with the most accurate assessment of residual risk possible.

We work with our clients to solve the toughest challenges in the ever-evolving digital landscape. Services include network defense, computer network attack, secure network design, penetration testing and vulnerability assessment.

WarCollar enables its clients to find, fix, stop, and ultimately solve cybersecurity problems across their entire enterprise.

• WarCollar offers generous benefits including : Medical insurance premium coverage; PTO based on billable hours; federal holidays plus your birthday;
• matching 401k, education reimbursement plus paid training days; performance bonuses; referral bonuses; government shutdown protection;

monthly team building events plus two major social events annually.

WarCollar Industries, LLC is an equal opportunity employer. WarCollar does not discriminate in employment based upon race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, status as a protected military veteran, or other non-merit factor.