Position Title: Information Security Engineer
Location: Herndon, Virginia - Hybrid (in office 3x/week)
Position Overview:
This senior-level position, Information Security Engineer, will serve as a member of the Exostar Information Security Office and will report to the Manager of Governance & Engineering. This role is designed for a hands-on security engineer with deep technical and architectural experience who can translate that expertise into effective engineering, audit, policy, and compliance outcomes. The individual will be expected to independently assess risk, design and evaluate secure architectures, implement and validate technical security controls, and clearly articulate how those controls satisfy regulatory and audit requirements.
The ideal candidate brings strong engineering credibility across infrastructure, cloud, and identity-related systems and is equally effective working with customers, auditors, and technical stakeholders. This role requires comfort operating in high-visibility audit and customer-facing contexts, exercising technical expertise, and driving issues to closure.
Responsibilities: Your day if you join us:
Security Architecture & Engineering
Assess, design, and provide guidance on secure architectures for on-premise and cloud environments, including identity, access, network, and platform services.
Engage directly with infrastructure, platform, and development teams to translate security requirements into implementable technical designs and controls.
Provide hands-on engineering support for the implementation, validation, and remediation of technical security controls.
Perform threat modeling and security risk assessments and coordinate actionable mitigation strategies.
Audit, Compliance & Governance
Provide engineering support for controls aligned to frameworks such as CMMC L2, FedRAMP Moderate, ISO/IEC 27001, IAM, SOC 2, etc.
Write and maintain technical control descriptions based on current architecture and operational practices.
Support and lead internal and external audits and assessments, including direct interaction with auditors and customers.
Translate technical implementations into clear, accurate, and defensible audit evidence.
Create, review, and update information security policies, standards, procedures, and guidelines to reflect actual system architecture and operations.
Risk Management & Continuous Improvement
Identify, assess, and communicate security risks to technical and non-technical stakeholders.
Track remediation efforts and drive issues to closure across multiple teams.
Evaluate emerging technologies, regulatory changes, and industry trends to assess potential impact to Exostar's security posture.
Identity Access Management Security
Provide subject matter expertise for Identity and Access Management (IAM) and Public Key Infrastructure (PKI) systems.
Support auditing and compliance of PKI, identity federation, and authentication services.
Collaborate on governance documentation related to identity, trusted roles, and access control programs.
Qualifications: You are a great fit for this role if you:
Required:
7 years of demonstrated IT Security engineering experience providing guidance to technical teams
5 years of demonstrated experience performing threat modeling and security risk assessments.
5 years of demonstrated network engineering and administration experience
5 years of demonstrated experience designing and implementing security controls in on-premise and cloud environments.
Strong experience with secure SDLC practices in Agile and DevSecOps environments.
Demonstrated experience authoring SSPs, POA&Ms, and technical audit documentation.
Significant experience working with ISO/IEC 27001/27002, NIST SP 800-171, and NIST SP 800-53.
Experience supporting and participating in audits and assessments (e.g. SOC 2, ISO 27001, Cyber Essentials).
Strong written and verbal communication skills with the ability to explain technical concepts to auditors, leadership, and business stakeholders.
Significant experience working in Jira and Confluence.
Ability to pass background investigation to attain and maintain Trusted Role access to company systems.
Technical Experience / Familiarity:
Core network services (HTTP, SMTP, DNS) and supporting server technologies.
Encryption technologies (IPSec, SSL/TLS).
Network security controls (firewalls, proxies, NAC, phishing prevention, etc.).
SIEM and logging architectures; familiarity with FIM technologies.
Windows Active Directory and domain services.
Preferred Qualifications:
You are exactly who we are looking for if you:
CMMC CCA or CCP
FedRAMP auditor / implementer
CISSP and other similar technical certifications
Experience with Governance, Risk, and Compliance tools
Cloud computing and architecture
Windows Domains and Active Directory
End-point Protections (HIPS/HIDS)
Web Application Programming (Java and related technologies)
Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures.
Secure development frameworks (e.g. OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework, etc.)
Public Key Infrastructure (PKI)
Identity Federation Technologies (SAML, etc.)
Business Continuity and Disaster Recovery planning
SharePoint
Data Loss Prevention (DLP)
Data Labeling and Information Rights Management
S/MIME-based Secure Email
Identity Access Management (IAM)
Education:
Bachelor's or master's degree from an accredited university in an IT-related discipline
Exostar - The Company:
Exostar's cloud-based platforms create exclusive communities within the Aerospace and Defense, Life Sciences, and other highly regulated industries where members securely collaborate, share information, and operate compliantly. Within these communities, we build trust. By analyzing community data, we provide insights and intelligence, enabling organizations to make better, timelier decisions to mitigate risk and operate more efficiently.
We believe in employee development: we promote internally and provide training and educational assistance
We provide a fun engaged workplace with social and community-building events
We offer comprehensive benefits and flexible time off plans
Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race, color, religion, sex, national origin, age, marital status, disability status, or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment, including recruiting, hiring, compensation, promotion, training, benefits, transfers, and working conditions.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
Required Experience:
IC
The Exostar Platform enables increased visibility and resiliency while facilitating digital transformation across communities in highly regulated industries.