Guidehouse

Cyber Consulting

Information System Security Engineer

$113–188k Washington, District of Columbia, United States FULL TIME Remote Friendly

The Brief

“Information System Security Engineer at Guidehouse. Skills: NIST RMF, Cloud Security, Network Security, Vulnerability Management. Define system security boundaries. Maintain system security boundaries”

What You'll Achieve.

Ensuring real-time visibility into system posture; prioritizing remediation based on exploitability, exposure, and mission impact; bridging the gap between SOC triage and executive risk communication; ensuring security decisions are informed by both technical facts and organizational risk tolerance; ensuring deliverables meet federal security standards

Industry & Context.

Cyber Consulting
Problems you'll solve

Contextualize vulnerability findings; Prioritize remediation based on exploitability, exposure, and mission impact; Provide senior-level technical analysis during security incidents

Eligibility Requirements

Up to 10% Travel, Ability to Obtain Public Trust, US Citizenship is required, Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST", Candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding

What They're Looking For.

Must Have

US Citizenship, Ability to Obtain Public Trust, SEVEN (7) years of progressive experience in cybersecurity engineering, THREE (3) years of experience in a federal civilian or DoW IT environment with direct involvement in NIST RMF (SP 800-37), FedRAMP, or equivalent authorization processes, Demonstrated experience defining or modifying system security boundaries in environments undergoing cloud migration or infrastructure modernization, Hands-on experience with at least three of the following: VMware/vSphere administration, AWS cloud services (VPC, IAM, CloudTrail, GuardDuty), network security (firewalls, IDS/IPS, TIC architectures), vulnerability management platforms (Tenable, Qualys), SIEM/monitoring platforms (Dynatrace, Splunk, or equivalent), load balancers and application delivery controllers (F5, etc.), and enterprise identity and access management, CISSP (Certified Information Systems Security Professional) – Active and in good standing

Nice to Have

ACTIVE PUBLIC TRUST or SUITABILITY, CCSP (Certified Cloud Security Professional), AWS Security Specialty Certification, CISM (Certified Information Security Manager), CASP+ (CompTIA Advanced Security Practitioner), Experience with ColdFusion, .NET, legacy application environments, Oracle database security hardening and monitoring, GRC platforms such as Archer, Xacta, eMASS, RegScale, CISA BOD compliance requirements, BOD 22-01 (Known Exploited Vulnerabilities), BOD 23-01 (asset visibility), agency-level cybersecurity policies and procedures, OIG audits or FISMA reporting requirements, federal acquisition and contractor oversight, Public Trust Clearance

What You'll Do.

Define system security boundaries

Maintain system security boundaries

Author authorization packages

Maintain authorization packages

Implement continuous ATO processes

Oversee continuous ATO processes

Map technical controls

Manage GRC tool ingestion

Automate compliance evidence collection

Evaluate network segmentation

Advise on network segmentation

Assess CSP environments

Harden CSP environments

Contextualize vulnerability findings

Prioritize remediation

Conduct security assessments

Provide technical analysis during incidents

Translate technical changes

Elevate SOC team understanding

Serve as connective tissue

How You'll Work.

Team & Collaboration

Collaborate with the SOC team; Collaborate with infrastructure teams; Work alongside ISSOs; Serve as the connective tissue between infrastructure engineers, application teams, ISSOs, and leadership; Engage with contractors and vendors

Communication Scope

Executive risk communication; translate technical system changes into risk language; ensure security decisions are informed by technical facts and organizational risk tolerance

Full Job Description

**Job Family:** Cyber Consulting

**Travel Required:** Up to 10%

**Clearance Required:** Ability to Obtain Public Trust

**What You Will Do:**

* **System Boundary Analysis:** Define and maintain system security boundaries across hybrid cloud and on-premises environments, including AWS & Azure CSPs, VMware infrastructure, and legacy datacenter assets.
* **Authorization Package Development:** Author and maintain System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), and related NIST RMF artifacts for all OCIO-managed systems.
* **Continuous Monitoring:** Implement and oversee continuous ATO processes aligned with NIST SP 800-137 and OSCAL-based automation, ensuring real-time visibility into system posture.
* **Control Inheritance Mapping:** Map technical controls across shared service environments, identifying common controls, system-specific controls, and hybrid inheritance relationships as systems migrate to cloud.
* **GRC Tool Administration:** Manage the ingestion of infrastructure telemetry, vulnerability data, and configuration baselines into GRC platforms to automate compliance evidence collection.
* **Network Security Architecture:** Evaluate and advise on network segmentation, firewall rules, TIC 3.0 compliance, F5 load balancer configurations, DNS security, and encrypted transit between enclaves and cloud environments.
* **Cloud Security Posture:** Assess and harden CSP environments including VPC design, Security Groups, IAM policies, CloudTrail/GuardDuty integration, and encryption-at-rest/in-transit configurations.
* **Vulnerability Management:** Collaborate with the SOC team and infrastructure teams to contextualize vulnerability findings from Tenable and similar tools, prioritizing remediation based on exploitability, exposure, and mission impact—not just CVSS scores.
* **Infrastructure Security Reviews:** Conduct security assessments of proposed architecture changes, migration plans, and ne


How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
