Oakton, Virginia

Oakton, Virginia

AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Intelligence Community. We are dedicated to recruiting, developing, and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values, and dedicated to our customers’ mission.

Our AT&T National Security organization supports our Nation’s Intelligence Community, operating and assuring critical voice, video, and collaboration services for the full spectrum of intelligence operations.

AT&T has an opening for an Information Security System Engineer (ISSE) position who will be responsible for complete system security risk management lifecycle activities for various systems and networks in the customer’s environments. The ISSE will collaborate with project team (i.e., system and network engineers and administrators, etc.) as well as the customer information system security managers and stakeholders to manage and maintain the system and network security risk assessment throughout the customer’s Security Assessment and Authorization process. The ISSE will manage and oversee all standards and implementation strategies to ensure procedures and guidelines comply with the customer’s cybersecurity policies. Seeking an individual who has effective problem-solving skills, high attention to detail and a strong written and oral communication skill. The candidate should be comfortable working independently in close consultation with the project team resources

The job duties of the Information Security System Engineer (non-supervisory) are as follows:

• Manage and maintain all aspects of the customer’sSecurity Assessment and Authorization process:
• Identify, document and address security requirements specific to an information technology (IT) system and/or network as it applies to all phases of the system life cycle.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the customer organization's mission and cybersecurity goals.
• Support all necessary security compliance and control activities (e.g., ensure that system security configuration guidelines are followed and compliance monitoring occurs).
• Continuously validate the system and network against the customer’s policies/guidelines/procedures/regulations/laws to ensure compliance.
• Stay up-to-date and advise appropriate customer of changes affecting the organization's cybersecurity posture.
• Work in coordination with project team and other stakeholders to create and maintain existing information system security documentation, including system security plan (SSP), system accreditation packages, contingency plans, data recover procedures, change management process, etc.
• Responsible for capturing and refining information security requirements in line with the customer’s authorization and accreditation process and directly engage in the delivery of process tasks with multi-disciplinary teams, implementing security controls, POA&M Management, etc.
• Support project team with host, network, cloud, application-based security control assessments
• Conduct a comprehensive self-assessment of the management, operation, and technical security controls to determine the overall effectiveness of control response across the organization.
• Conduct periodic and continuous reviews of the system and or network to ensure compliance with the authorization package.

Required Clearance:

TS/SCI with poly (#ts/sci) (#polygraph). Will be required to undergo additional High-Risk screening (customer specific)

Required Qualifications:

• B.S. in Computer Science, Cybersecurity, Information Technology or similar
• Education requirements are flexible depending on experience.
• Applicants should have approximately 5-10 years or more of working experience with information system security management and/or cybersecurity.
• Working experience with the customer’s Security Assessment and Authorization and Risk Management Framework process
• Strong knowledge of security principles, best practices, and industry standards such as NIST, DISA STIGs, CIS, RMF
• Proficiency and proven experience with aspects of security across a wide variety of areas such as databases, networks, operating systems, and security applications.
• Familiar with security scanning and monitoring tools such as Nessus, Rapid7, Nipper, NMAP, OpenSCAP, WebInspect, etc.
• Develop, implement, and document formal security programs and policies throughout the program and monitors compliance to these policies and programs.
• Responsible for capturing and refining information security requirements and directly engage in the delivery of tasks with multi-disciplinary teams, documenting and implementing security controls, POA&M Management, etc.
• Interpret security audits and assessments to ensure compliance with applicable regulations, industry best practices, and organizational security policies.
• Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package.
• Monitor and review security scans reports and collaborate with project team to address and/or mitigate findings.
• Able to communicate effectively with cross function teams: system engineers, system administrators, software developers, and information assurance professionals to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Strong time management skills, comfortable managing multiple priorities, strong analytical and problem-solving skills, and a team-work oriented approach to colleague engagement and work responsibilities.

Desired Qualifications:

• Professional Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, and Certified Information Systems Auditor (CISA)
• Experience with developing system and network architecture and flow diagrams using MS Visio

Ready to join our team? Apply Today!

Our Information System Security Engineer‘s earns between $72,000 - $167,900. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.

Joining our team comes with amazing perks and benefits:

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories, AT&T internet (and fiber where available) and AT&T phone

Benefits

Invested in your satisfaction and continued success.

We take care of our own here (hint: that could be you). Our benefits and rewards mean we cover some of your biggest needs with some of the coolest offerings. We already think we’re a pretty great place to work. We’re just trying to rack up some bonus points.

• Live True

  Do the right thing, no compromise.

• Think Big

  Innovate and get there first.

• Pursue Excellence

  In everything, every time.

• Make a Difference

  Impact your world.

• Stand for Equality

  Speak with your actions.

• Be There

  When customers & colleagues need you most.