Information Systems Security Engineer (ISSE)

Position Overview:
Evans & Chambers Technology (EC) is seeking an experienced Information Systems Security Engineer (ISSE) to support a technical development program centered on cloud-based applications and associated infrastructure operating in a highly secure, classified network environment. The ISSE will integrate directly into a multidisciplinary team that includes software developers, systems engineers, DevOps engineers, database administrators, and systems architects.

Clearance: Active TS/SCI with Polygraph
Location: Arlington, VA Onsite


Evans & Chambers partners with the US national defense community to create fully integrated, resilient, and innovative digital solutions that enable them to make smart decisions in real-time. We work with our customers on everything from conquering their data to improving and safeguarding IT infrastructure. Our ultimate goal? To enhance our nation's ability to identify, address, and act – no matter what challenges arise.

What a Typical Day Looks Like
• Participate in daily Agile standup (scrum) meetings and provide status updates on assigned Jira issues
• Attend ad-hoc Technical Exchange Meetings (TEMs) to assess security impacts of proposed architectural and system changes
• Lead or assist with security scans; analyze and report on findings and their system impact
• Review externally reported security findings (CVEs) and conduct impact analysis with recommended remediation paths
• Evaluate upcoming system changes and new features for security implications during team design reviews

Primary Responsibilities
• Identify, select, implement, and assess NIST SP 800-53 security and privacy controls
• Develop and integrate secure configuration baselines per DISA STIGs and CIS benchmark guidelines
• Contribute to the design of secure architectures and system designs
• Ensure security requirements are embedded throughout the System/Software Development Life Cycle (SDLC)
• Execute Continuous Monitoring (ConMon) activities in support of Assessment and Authorization (A&A) requirements
• Create, review, and maintain A&A artifacts and supporting documentation
• Perform security analysis and monitoring across a 100% AWS cloud-based environment
• Conduct vulnerability scanning, analyze results, and develop remediation strategies and security implementations
• Interface with Information System Security Managers (ISSMs) to support system accreditation efforts
• Lead or participate in TEMs; document outcomes and brief management as needed

Required Qualifications
• 6–10 years of relevant ISSE or cybersecurity experience
• Active TS/SCI with Polygraph
• BS in a technical discipline or equivalent demonstrable experience

• CISSP (Certified Information Systems Security Professional) or CompTIA Security+ preferred
• Hands-on Linux experience, including proficiency with the command line
• Scripting and programming experience in Bash, Python, or similar languages
• Solid understanding of networking fundamentals — ports, routing, subnets, VPNs, firewalls, and troubleshooting
• Experience working within Agile development teams and workflows
• Strong working knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and CVE management
• Experience with RMF workflow tools and processes
• Strong written and verbal communication skills; able to clearly articulate findings and recommendations, and receptive to alternative approaches raised by team members

Desired Qualifications
• Experience with Infrastructure as Code (IaC) tools such as Ansible, Terraform, or similar automation platforms
• Prior experience working in a cloud-based environments