Information Systems Security Engineer (ISSE)
HTX Labs
About HTX Labs
Since 2017, HTX Labs has been on a mission to accelerate the future of learning, employing immersive software training solutions and content development services for the Department of Defense to elevate the level of proficiency and preparedness of today's warfighter.
HTX Labs developed the EMPACT® Immersive Learning Platform to address a growing need to modernize training, improve safety, maximize operational efficiency, and build resilience and readiness across the defense industry.
HTX Labs is dedicated to driving learning innovation, providing the necessary digital infrastructure to empower users to easily create, deploy, measure, and sustain mission-specific, immersive training programs anytime, anywhere, on any device, with anyone, at scale.
Description
HTX is seeking a skilled Information Systems Security Engineer (ISSE) with expertise in NIST and Cybersecurity Maturity Model Certification (CMMC) frameworks to join our cybersecurity team. The ISSE will play a vital role in designing, implementing, and managing security solutions that align with NIST 800-series guidelines and ensure compliance with CMMC requirements.
The ideal candidate will have experience in risk management, security control assessments, and system security planning, with a strong understanding of how to secure sensitive and controlled unclassified information in line with DoD and federal standards.
Responsibilities
- This position will be responsible for developing and maintaining Authority to Operate (ATO) security control requirements.
- Responsible for developing and maintaining CMMC security control requirements.
- Design, develop, and implement robust security architectures and solutions for information systems and networks.
- Conduct security assessments, threat modeling, and risk analysis to identify vulnerabilities and potential threats.
- Collaborate with system owners, IT teams, and other stakeholders to integrate security requirements into systems development processes.
- Develop and maintain system security plans (SSPs), security controls, and configuration baselines.
- Perform continuous monitoring of information systems and ensure compliance with established security policies, standards, and frameworks (e.g., NIST, RMF, FedRAMP).
- Participate in security control testing and evaluations to validate compliance and effectiveness.
- Prepare and present security authorization documentation, risk assessments, and mitigation strategies.
- Serve as a technical subject matter expert (SME) on cybersecurity best practices, tools, and technologies.
Qualifications
- Experience as an Information System Security Officer (ISSO) and/or Information System Security Engineer (ISSE) using the DoD Risk Management Framework (RMF) or CMMC
- IAM Level I certification commensurate with DoD 8570.1M requirements, Certified Information Systems Security Professional (CISSP) certification preferred
- 5-7 years of experience working in Information Technology (IT), demonstrating a strong proficiency in managing technology systems and solutions
- At least 1 year experience supporting cybersecurity efforts through the DoD RMF process or CMMC accreditation
- 1-2 years of experience with cloud environments, preferably Microsoft Azure
- Educational degree in Cybersecurity, Computer Science, Information Technologies, etc.
- Effective organizational, time management, and communications skills (written and verbal)
Preferred Skills
- Strong knowledge of NIST SP 800-53, NIST RMF, CMMC levels, and cloud-specific security best practices.
- Proficiency in Azure security tools, encryption, access control, and Azure-specific risk management practices.
- Experience in using PowerShell, Azure CLI, and scripting languages such as Python or Bash for automating security tasks and managing resources in Azure environments, as well as proficiency in JSON for implementing Infrastructure as Code (IaC) and security configurations
- Certifications such as Azure Security Engineer Associate, or Azure Solutions Architect Expert are preferred.
- Experience integrating security in Azure DevOps and CI/CD pipelines.
- Familiarity with multi-cloud or hybrid environments, Azure or AWS security.
- Strong analytical and problem-solving skills, with the ability to communicate complex security issues to technical and non-technical stakeholders.
This is a contract-to-hire position.
Work Location: Remote
Reporting Structure: Reports directly to the Enterprise IT and Cybersecurity Manager
We’re constantly working towards making HTX Labs the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community. We celebrate uniqueness and whatever makes you, you and encourage everyone who wants to help us transform the way the world learns, to join us on our journey. We value all types of experiences. If you don’t think you quite meet every qualification, we’d still love to hear from you.
htx.recruiting@htxlabs.com