Coalfire Federal is a market leading cybersecurity consultancy firm that provides independent and tailored advice, assessments, technical testing and a full suite of cyber engineering services to Federal agency customers.  Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with leading cloud and technology providers including Amazon, Microsoft, IBM, Google and Oracle and Federal agencies.  Coalfire has been a cybersecurity thought leader for over 20 years and has offices throughout the United States and Europe and is committed to making the world a safer place by solving our clients’ toughest security challenges. 

But that’s not who we are – that’s just what we do.

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.  

We’re currently seeking a Senior Information System Security Engineer (ISSE) to support our federal team.

• This is a remote position - open to candidates in the United States. 

• Provide security system engineering and security architectural design support services for Azure and custom application development (.Net, SharePoint. Python and Drupal).
• Support identification and documentation of operations solutions in line with NIST security controls, and client requirements.
• Support End-to-end architecture tradeoff assessment.
• Assist with development and implementation of effective SP 800-53 Rev 5 controls to support agency Azure and applications.
• Support development of strategic and tactical plans.
• Evaluation of new program requirements such as implementation of Agile and DevOps.
• Investigation and development of new technologies for possible operations modifications and security requirements in the Azure environment (move to PaaS, SaaS, Microservices, etc.)
• Identify information to document in the agency Enterprise Architecture plan (standards, processes, etc.)
• Recommend secure coding practices, threat modeling, web application security standards and implement assessment tools such as Invicti and techniques such as OWASP.
• Create PowerPoint briefings on secure coding practices as required by the client and NIST for developer awareness and implementation.

An experienced ISSE with knowledge of the following:

• Computer networking concepts and protocols, and network security methodologies.
• Risk management processes (e.g., methods for assessing and mitigating risk).
• Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Cybersecurity and privacy principles.
• Cyber threats and vulnerabilities.
• Specific operational impacts of cybersecurity lapses.
• Host/network access control mechanisms (e.g., access control list, capabilities lists).
• Cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
• Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
• Incident response and handling methodologies.
• Industry-standard and organizationally accepted analysis principles and methods.
• Intrusion detection methodologies and techniques for detecting host and network-
• How traffic flows across the network (e.g., transmission control protocol [tcp] and internet protocol [ip], open system interconnection model [osi], information technology infrastructure library, current version [itil]).
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, procedural language/structured query language [pl/sql] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Resource management principles and techniques.
• Server administration and systems engineering theories, concepts, and methods.
• Server and client operating systems.
• System software and organizational design standards, policies, and authorized approaches (e.g., international organization for standardization [iso] guidelines) relating to system design.
• System life cycle management principles, including software security and usability.
• Technology integration processes.
• The organization’s enterprise information technology (IT) goals and objectives.
• Applicable laws, statutes (e.g., in titles 10, 18, 32, 50 in U.S. Code), presidential directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
• Information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
• Critical infrastructure systems with information communication technology that were designed without system security considerations.
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Education 

Completed Bachelor’s degree from an accredited university, preferably in an IT related field.

Clearance / Suitability 

Ability to obtain a clearance or a Public Trust is preferred, however all clearance levels and non-cleared applicants will also be considered.

Certifications 
An active CISSP or CISM is required

Years of Experience 

Overall 8+ years of information security and compliance experience 

To include at minimum 5+ years of direct work experience relative to the ISSE qualifications

• Experience with GRC tools e.g., CSAM
• Knowledge of the NIST Cybersecurity Framework
• Cloud and/or engineering related certifications

Our people make Coalfire Federal great. We work together on interesting things and achieve exceptional results. We act as trusted advisors to our customers and are committed to client-focused innovation as well as innovation in the industries that we serve.

Coalfire offers our people the chance to grow professionally with colleagues they like and respect while tackling challenges that stretch their minds and expand their skill sets. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.

You’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support memberships, and comprehensive insurance options.  

Coalfire is an EEO employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.