Security Engineer/ISSO Support

Simple Technology Solutions is looking for a Security Engineer/ISSO Support to add to our team.

Quick Position Overview:

• US Citizenship is required
• Bachelor's Degree is required
• minimum of 6 years' position related experience is required

The Role:

STS is looking for a Security Engineer / ISSO Support specialist to join a federal data engineering team. You will serve as the security and privacy authority on a federal data engineering program, protecting highly sensitive financial data and ensuring the platform meets the full spectrum of federal security requirements from design through production. Deep knowledge of the federal ATO process and hands-on Zero Trust implementation on AWS are prerequisites for this position.

This position is contingent upon contract award.

The Security Engineer / ISSO Support at STS will:

• Serve as the primary point of contact and subject matter expert for all security assessment and authorization activities; work with the government team in completing the ATO process for integrating new capabilities and support the full federal Software Development Lifecycle (SDLC)

• Implement and continuously maintain Zero Trust Architecture (ZTA) across the platform per federal Zero Trust mandates; ensure security controls are embedded at every layer of the technology stack from storage classifications through IAM roles, network controls, and application security

• Ensure full compliance with FISMA, NIST 800-53, NIST 800-63, OWASP ASVS Level 2, federal software supply chain security requirements, and all agency-mandated security, privacy, performance, and quality requirements

• Engage with the agency's privacy and security teams and the System Owner at the start of every new service, feature, or dataset design to assess information type, security classification, data retention, and whether a System of Records Notice (SORN), Privacy Impact Assessment (PIA), or other formal review is required

• Identify and document what data is collected and why, how it is used and shared, how it is stored and secured, how long it is retained, and how users will be notified in the event of a security breach; ensure compliance with the Privacy Act of 1974 and the Federal Records Act

• Ensure all code submitted to production is free of medium- and high-level static and dynamic security vulnerabilities per OWASP ASVS Level 2; integrate OWASP ZAP, SAST tools, government-provided container analysis tools, and dependency analysis into the CICD pipeline as part of the Definition of Done

• Ensure security scans are conducted at least once per sprint; review, document, and explain all false positives; ensure scan results are visible in the team performance dashboard

• Manage AWS IAM role configurations and naming standards; maintain Secrets Manager credential management and certificate validity across all environments

• Use CloudWatch logging, CloudTrail, and AWS Config to ensure the production environment remains consistent, controllable, and auditable

• Ensure compliance with federal AI governance requirements for all AI/ML platform components; ensure compliance with the Trusted Internet Connections (TIC) Initiative, Section 508, and the 21st Century Integrated Digital Experience Act

• Collaborate with the IV&V team and agency security staff to continuously improve the platform's security posture; support resolution of all security findings within contractually required timelines

• Participate in 2-week sprint ceremonies, quarterly PI planning, and agile delivery using JIRA and GitHub

Education and Experience:

Required

• Bachelor's degree or higher in Cybersecurity, Information Systems, Computer Science, or a related field

• 6+ years of experience in federal information security with demonstrated experience in an ISSO role or ATO-leadership capacity at a civilian federal agency; financial regulatory agency experience strongly preferred

• Deep working knowledge of FISMA, NIST 800-53, NIST 800-63, and the full federal ATO/SDLC process

• Hands-on experience implementing Zero Trust Architecture on AWS in a FedRAMP-authorized environment including IAM hardening, network segmentation, and application-layer security controls

• Experience with OWASP ZAP, SAST/DAST tooling, dependency analysis, and container security scanning integrated into CI/CD pipelines

• Familiarity with AWS security services: IAM, Secrets Manager, CloudWatch, CloudTrail, AWS Config, and S3 bucket policy and sensitivity classification management

• Experience conducting or supporting Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs)

• Knowledge of the Privacy Act of 1974, Federal Records Act, Section 508, the 21st Century IDEA Act, and applicable federal Zero Trust, AI governance, software supply chain, and TIC mandates

• Experience managing security for systems handling non-public, highly sensitive financial or regulatory data

• Strong written and verbal communication skills; ability to produce authoritative security documentation including PIAs, ATO packages, and OWASP false positive documentation

• Experience in agile federal environments with sprint-based delivery, JIRA, and GitHub

• Must be able to work 8am-5pm Eastern Time regardless of home location

• Active federal public trust suitability determination or ability to obtain one required

• Must be a U.S. citizen