Information Systems Security Engineer (ISSE)

Location: Reston, VA

Department: Enterprise IT

Location Type: IN_OFFICE

Employment Type: FULL_TIME

• Design, develop, and maintain reusable frameworks, libraries, APIs, and reference implementations that integrate applications with zero trust identity and access services
• Create developer documentation, integration guides, and best practices to streamline adoption of security services by product teams
• Implement and support fine-grained authorization approaches (e.g., entitlements, row-level security, ABAC) and align them to business policies
• Collaborate with architects and platform engineers to ensure security services meet performance, usability, resilience, and compliance objectives
• Conduct design and code reviews; coach development teams on secure coding, identity integration, and threat-informed design patterns
• Evaluate emerging zero trust and identity/access technologies and recommend improvements to architecture, tooling, and developer experience

• US citizenship with an active TS/SCI with CI Polygraph required
• Minimum 7 years of professional experience in software engineering, security engineering, or closely related roles
• Bachelor’s degree in Computer Science, Engineering, or a related field (experience may be considered in lieu of a degree)
• Hands-on experience designing and deploying application components on AWS in IL6+ classified environments
• Proven experience implementing modern authentication and authorization standards (OAuth 2.0, OpenID Connect, SAML)
• Expertise with fine-grained access control models (entitlements, row-level security, ABAC)
• Strong proficiency in at least one programming language (Java, Go, or Python) for building frameworks, SDKs, and platform services
• Working knowledge of zero trust architecture and principles, including identity-centric security and least-privilege access
• Experience authoring developer documentation, integration guides, and reference implementations
• Solid understanding of secure coding practices, SDLC security, and integrating security controls into CI/CD pipelines

• Experience with enterprise identity platforms (e.g., AWS Cognito, Azure AD, Keycloak) and policy engines (e.g., OPA, Cedar)
• Background with authorization-as-a-service patterns, token exchange, and policy-based access control in microservices
• Familiarity with DISA STIGs/SRGs and compliance workflows in classified environments
• Contributions to internal SDKs, developer portals, or platform engineering products that improve developer productivity