Information Systems Security Engineer (Active Polygraph Required)

Clearance Level
Top Secret SCI + Polygraph
Information Security
Herndon, Virginia

REQ#: G2019-59994

Public Trust: None
Requisition Type: Regular

Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

The Pivotal Cloud Foundry (PCF) Information System Security Engineer (ISSE) is a security engineer possessing deep technical skills with cutting-edge technologies to enable PWS to remain authorized and to support its mission of running meaningful production mission application workloads across the intelligence community. The ISSE will work in a strategic customer environment and deal with security issues involved with the day-to-day tasks of running the Pivotal Cloud Foundry managed Platform as a Service (PaaS) on Amazon C2S. This service is referred to as Pivotal Web Services (PWS). The ISSE supports the PCF Operators, ensuring the PWS platform is operated in a secure manner and retains its authorized status. Duties include managing patches and upgrades within the customer POAM and RMF processes, recommending security improvements to PCF developers, supervising patching and upgrades to the platform and software runtime versions, and deploying language build packs in accordance with customer security policy and operational requirements. The PCF ISSE acts as the frontline security technical representative for the program, and interacts with and takes direction from the assigned Information System Security Manager (ISSM).

Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Desired Skills:

  • 5+ years of expertise in security engineering
  • Strong familiarity with the NIST and customer Risk Management Framework (RMF), including CNSSI 1253, ICD-503, NIST SP800-53 versions 3 through 5, NIST SP800-137, ICS 500-27 (IC Enterprise Audit) and fundamentals of continuous monitoring
  • Working understanding of the customer's vulnerability management program
  • Strong understanding of the Center for Internet Security (CIS) security benchmarks, DISA Security Technical Implementation Guides (STIGs), and security hardening.
  • Strong understanding of vulnerability management, Tenable Nessus, and vulnerability remediation processes
  • Familiarity with ICD503 and NIST 800-53A security testing and demonstration of control compliance
  • Familiarity with any of AWS CloudFormation, OpenStack Heat, Azure Resource Templates, or Google Deployment to automate deployment of cloud resources
  • Exposure to cloud APIs such as Fog, Boto, libcloud or similar
  • Exposure to automating tasks using a script or interpreted language such as bash, PowerShell, Perl, Python, or Java, and automation frameworks like Terraform, Vagrant, and Packer. Familiarity with Object-Oriented Design Methodology, design, implementation, and administration (J2EE, JSON, HTML, and XML).
  • Experience with programming languages/frameworks including Java and JavaScript.
  • Experience using configuration management tools like Puppet, Chef, Ansible, BOSH, etc.
  • A clear understanding of container technologies such as Kubernetes, and of the associated tools and the challenges of using them to support cloud workloads
  • Familiarity with Amazon Web Services (AWS/C2S), Infrastructure as a Service (IaaS)
  • Familiarity with Platform as a Service (PaaS) environments such as Cloud Foundry, Heroku, Elastic Beanstalk or similar
  • Understanding of the concepts of configuration management scripting.
  • Familiarity with source control management systems such as Git, Mercurial, Subversion, or Git/GitHub
  • Experience with distributed systems and web architectures.
  • Familiarity with the concepts of Continuous Integration and Continuous Deployment (CI/CD).
  • General understanding of Site Reliability Engineering (SRE) concepts

Recommended Technical Skill Sets:

  • Experience with DISA STIG Viewer
  • Experience with Xacta360 or previous versions
  • Experience defining and deploying security monitoring, metrics, and logging solutions/strategies across applications, systems and services where applicable
  • Exposure to implementing systems that are highly available, scalable, and self-healing on premises and on the AWS platform
  • Working knowledge of firewalls and networking experience is a plus
  • Experience providing managed services in an IaaS, PaaS, SaaS Public Cloud environment

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.