WHAT DOES AN INFORMATION SYSTEMS SECURITY ENGINEER DO?

Published: Sep 17, 2025 - The Information Systems Security Engineer designs, implements, and maintains cybersecurity solutions that protect government-sponsored operational environments. This role involves performing security assessments to identify vulnerabilities, ensuring compliance with NIST-800-171, DFARS, CMMC, and other regulations, and supporting Windows and Linux desktop and server infrastructure. In addition, the engineer assists with regulatory compliance efforts, maintains COMSEC equipment, and guides interns and IT staff while driving continuous improvement initiatives.

A Review of Professional Skills and Functions for Information Systems Security Engineer

1. Information Systems Security Engineer Key Accountabilities

  • UEM/MDM Management: Maintain and administer the UEM/MDM environment and infrastructure globally.
  • System Hardening: Manage system hardening practices by defining and implementing secure device configurations.
  • App Store Development: Contribute to the Enterprise App Store by developing MDM/MAM software packages.
  • Certificate Integration: Manage certificate integration with Certificate Authorities (CA) for use with mobile devices.
  • Wireless/VPN Integration: Manage enterprise wireless and VPN integration for use by managed mobile devices.
  • Authentication Management: Manage certificate-based authentication on mobile devices.
  • MDM Maintenance: Upgrade and patch the MDM application software within specified timeframes.
  • IT Collaboration: Partner with IT and IT Service Desk to provide tier-2 and tier-3 support.
  • System Security: Maintain system integrity and security by resolving issues from vulnerability and compliance scans.
  • Patch Support: Support patching in accordance with patching policies/SLAs.
  • Teamwork: Work autonomously as well as in team environments, often in stressful, high-impact situations.

2. Information Systems Security Engineer General Responsibilities

  • Security Systems Design: Design, analyze, and test information security systems and products to ensure secure architecture.
  • Data Center Expertise: Serve as the subject matter expert (SME) for data center system environments.
  • Compliance Analysis: Perform project tasks to analyze IT security compliance requirements, translate them into security designs, implement these designs, and test their effectiveness.
  • Security Tools Knowledge: Serve functionally as an SME with working knowledge of firewalls, monitoring and intrusion detection systems, anti-virus systems, vulnerability testing, and security analysis tools.
  • Test Plan Development: Create and update security test plans to detect and mitigate risks to information systems.
  • Audit Testing: Engineer and execute tests and test plans to satisfy audits.
  • Risk Mitigation: Provide solutions for mitigating information systems findings or risks.
  • Infrastructure Security: Evaluate, improve, and maintain information security across the infrastructure.
  • Issue Resolution: Monitor and correct information system issues, and create recovery processes for failures and vulnerabilities.
  • Vulnerability Tracking: Track vulnerabilities until resolved or mitigated to the satisfaction of the Government Accrediting Authority (AO).

3. Information Systems Security Engineer Role Purpose

  • Incident Response: Support Incident Response (IR) activities and perform system and network upgrades, including technical refreshes and hardware/software insertions.
  • System Installation: Install and configure Windows and Linux systems.
  • Issue Troubleshooting: Troubleshoot system software, hardware, and network issues, including routers, password resets, telecommunications cabling, software patches, and IAVA alerts.
  • Connectivity Restoration: Restore connectivity and relocate equipment, including servers, PCs, network components, and lab equipment.
  • Network Configuration: Configure Cisco networking devices by establishing networking schemes, managing VLANs, and routing.
  • System Hardening: Harden Windows and Linux systems.
  • Equipment Setup: Set up and dismantle physical equipment in racks.
  • Security Gap Analysis: Identify gaps in security controls and propose corrective actions to reduce risks.
  • Configuration Review: Review system configurations and architectures to validate secure design and implementation.
  • Documentation Development: Develop documentation, standards, and procedures to support security compliance.

4. Information Systems Security Engineer Essential Functions

  • Security Collaboration: Work with Security Operations, Networking, and Infrastructure Teams to guide manufacturing operations on security strategies, processes, response, and technologies.
  • Network Security Standards: Ensure new systems and upgrades to existing systems adhere to network security design standards.
  • Compliance Reviews: Conduct periodic reviews for cybersecurity compliance.
  • Audit Participation: Participate in audits covering network security and technologies.
  • Architecture Documentation: Maintain site-specific architecture, asset management, and sustainability documentation.
  • Cross-Team Collaboration: Collaborate with analysts, engineers, and data scientists.
  • Resilient Architecture: Ensure secure and resilient architecture throughout the lifecycle of manufacturing and automation applications.
  • System Patching: Ensure manufacturing, packaging, automation, and facilities systems are patched with the latest updates.
  • Threat Protection: Support the Intrusion Detection System, application safelisting technologies, endpoint protection, and cyber incident response.
  • Risk Management: Identify risks early, determine impact and mitigation approaches, and escalate site issues.

5. Information Systems Security Engineer Additional Details

  • Network Security Testing: Participate in network design reviews and conduct security testing for customer networks.
  • Compliance Evaluation: Evaluate Information Assurance compliance of systems against current RMF and DoD cybersecurity policies as outlined in NIST SP 800-37 and 800-53, rev 4.
  • System Hardening: Identify and resolve technical issues related to system hardening to ensure availability, integrity, authentication, and confidentiality.
  • Patch Management: Implement and maintain updates, security patching, and controls.
  • Assessment Activities: Perform assessment and compliance activities using assessment tools and procedures within the ServiceNow IA Manager.
  • Risk Management: Manage security compliance and risk by uploading artifacts and tracking projects through the RMF process.
  • Stakeholder Interface: Interface with the Information System Owner (ISO), site Information System Security Officer (ISSO), and other applicable parties, including SCA and DAO-R.
  • Controls Implementation: Complete security controls implementation, self-compliance tests, and security test plans, and create or update the Plan of Action and Milestones (POA&M).
  • Stakeholder Collaboration: Collaborate with stakeholders to ensure technical solutions meet both business and security requirements.
  • Continuous Improvement: Contribute to continuous improvement efforts in security operations and organizational resilience.

6. Information Systems Security Engineer Roles

  • Security Controls Implementation: Identify, select, and implement applicable security controls for various operating systems and applications in accordance with NIST SP 800-37 and the Risk Management Framework (RMF).
  • Evidence Management: Develop and maintain bodies of evidence (BOE) for managed information systems, custom applications, services, and networks.
  • Policy Development: Develop and disseminate system security policies, processes, and governing products to maintain a low operational risk posture.
  • Vulnerability Assessment: Conduct internal vulnerability assessments and facilitate external audits.
  • Task Coordination: Coordinate security-related tasks and activities across functional areas, including Program Management, Engineering, and Software Development.
  • Security Documentation: Produce documentation in response to information security requirements.
  • ATO Package Development: Develop full ATO packages and supporting documentation such as SSPs, RARs, POA&Ms, SCTMs, RTMs, SLCMs, SARs, certification test reports, briefings, and training products.
  • Change Management Support: Assist in secure change management processes and participate in Change Control Boards (CCB).
  • IA Representation: Represent the IA function in CCBs and the change management process by addressing approval or denial of change requests.
  • Impact Analysis: Conduct Security Impact Analyses (SIA) on system change requests.
  • Professionalism: Maintain a professional appearance, demeanor, and relationships with colleagues and clients.

7. Senior Information Systems Security Engineer Tasks

  • FPGA/SoC Security: Work with FPGA and SoC technology security features.
  • Certification Processes: Work with the DoD ATEA (TIG/HPG/AT Engineering) process or the NSA Type 1 Crypto Certification process.
  • Embedded Systems Knowledge: Utilize knowledge of electronic warfare systems using embedded systems.
  • Systems Engineering: Apply systems engineering disciplines to the domains of program protection.
  • Security Architecture: Analyze, design, and integrate security architectures while ensuring requirements are established, allocated, and maintained.
  • Vulnerability Analysis: Discover and analyze security flaws or vulnerabilities in software, systems, and applications, and provide mitigation strategies.
  • Peer Review Participation: Participate in technical peer reviews throughout the product lifecycle, including design, development, integration, and testing.
  • System Certification: Support system certification and accreditation planning, testing, and liaison activities.
  • Security Analysis: Perform information security analysis, including vulnerability analysis and risk management.
  • Security Documentation: Create security documentation such as descriptions, instructions, and policies.

8. Information Systems Security Engineer Details and Accountabilities

  • Threat Identification: Identify threats, vulnerabilities, risks, and control gaps across the enterprise.
  • Security Technology Management: Configure, manage, and operate security technologies, including SIEM, EDR, IDS/IPS, PAM, DLP, NGFW, WAF, GRC, M365, Azure, and AWS.
  • Security Solutions Deployment: Recommend, design, and deploy new security solutions and processes.
  • Vulnerability Remediation: Remediate critical vulnerabilities.
  • Stakeholder Collaboration: Collaborate with business and technology stakeholders to design effective security controls.
  • Alert Investigation: Review security alerts and investigate potential threats.
  • Incident Investigation: Conduct investigations with professionalism and confidentiality.
  • Incident Response Leadership: Lead incident response for security events in collaboration with cross-functional teams.
  • Data Protection: Develop and implement plans to safeguard digital data from accidental or unauthorized modification, destruction, or disclosure, while supporting emergency data processing needs.
  • Security Training: Review violations of security procedures and provide training to prevent recurrence.
  • Risk Assessment: Perform risk assessments, audits, and tests to validate the effectiveness of data processing activities and security measures.
  • User Awareness: Safeguard system security and improve overall server and network efficiency by training users and promoting security awareness.

9. Information Systems Security Engineer Overview

  • Architecture Assessment: Conduct assessments of existing IT architecture for compliance with security requirements from applicable security frameworks.
  • Continuous Monitoring: Provide continuous monitoring support for information systems.
  • Architecture Deliverables: Develop IT architecture deliverables specific to information security countermeasure implementations for operational systems and systems under development.
  • Cybersecurity Guidance: Provide technical cybersecurity engineering guidance to IT Administrators, Systems Architects, Systems Engineers, and Software Developers.
  • Policy Implementation: Provide system security engineering guidance on the design and implementation of technical policies for user/computer groups and network devices.
  • Security Systems Design: Design and implement security systems across the organization’s networks, including IDS, firewalls, log capture, host-based protections, and vulnerability scanning tools.
  • Vulnerability Assessment: Assess networks, applications, and systems to identify vulnerabilities and report results to ISSO and IT.
  • Incident Support: Provide ISSO and IT administrators with system security expertise to support incident investigation and response.
  • ISSO Support: Assist ISSO in monitoring, interpreting, and reacting to security device outputs, creating documentation in support of authorization/accreditation packages, and deploying security policies, standards, and guidance.
  • Team Leadership: Work independently, actively participate in integrated teams, and lead tasks, projects, or small teams.
  • Mentorship: Seek guidance and direction from senior-level technicians, specialists, and managers only in new or uncertain situations, while guiding lower-level technicians and specialists.

10. Information Systems Security Engineer Job Description

  • Security Analysis: Assist in collecting and analyzing security information for appropriate utilization, performance, and potential security issues.
  • Risk Identification: Assist in identifying security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives.
  • Root Cause Analysis: Assist in determining problem root causes to eliminate future instances and develop new standards to improve operations.
  • System Coordination: Work with system engineers to plan, coordinate, and test installations, upgrades, and changes to security hardware and software networks.
  • Application Installation: Install and upgrade business applications and systems under supervision.
  • Problem Resolution: Identify and isolate system problems, collaborating with vendors and users to correct errors and determine root causes to prevent recurrence.
  • Standards Development: Assist in developing standards for security, customer support, and operational readiness.
  • Architecture Testing: Test security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
  • Technology Research: Research and recommend new technology to meet future organizational requirements.
  • User Support: Work with end-users, technical staff, and vendors to troubleshoot and implement solutions for unique problems or needs.
  • Project Participation: Participate in planning projects centered on information security requirements.
  • Documentation: Document all security-related information accurately and promptly.

11. Information Systems Security Engineer Functions

  • Security Management: Review and perform ongoing security management of endpoint protection and antivirus/malware, email gateway, and other related component policies.
  • Ticket Resolution: Triage, update, and resolve tickets daily as assigned by the ticketing system.
  • Log Analysis: Coordinate and monitor log analysis to ensure policy and security requirements are met.
  • Event Response: Respond to security-related events and assist in remediation efforts.
  • Incident Handling: Respond to high-priority incidents and follow through to closure.
  • Vulnerability Reporting: Report potential security vulnerabilities before they negatively impact the business.
  • System Hardening: Ensure hardening, to CIS standards, is implemented for workstation SOEs, server SOEs, remote access, email, web gateways, and other related devices.
  • Health Checks: Perform periodic health checks of previously hardened devices/systems and security controls, reporting any non-compliance to the Security Governance team.
  • Vulnerability Testing: Conduct periodic vulnerability testing and lead remediation work.
  • Stakeholder Management: Manage all interactions with the business and other parts of IT professionally and courteously, with an emphasis on customer satisfaction and timely management of stakeholder expectations regarding problem status and timely completion.

12. Information Systems Security Engineer Accountabilities

  • Requirements Definition: Identify Information Protection needs and define System Security Requirements.
  • Security Architecture: Design System Security Architecture.
  • Security Design: Develop detailed Security Designs for the enterprise.
  • System Management: Manage Enterprise Security Systems such as Microsoft Endpoint Defender, VMware CB AppControl, etc., to protect enterprise endpoint devices.
  • Event Monitoring: Perform monitoring, research, assessment, and analysis on all notable security events from a variety of technologies such as firewalls, intrusion detection systems, cloud services, endpoint security, and operating system events.
  • Incident Response: Develop, implement, and execute security procedures, including initial triage and incident response.
  • Team Coordination: Coordinate security activities across multiple teams and disciplines, including Help Desk, Network, Monitoring, and Enterprise Architecture.
  • Compliance Monitoring: Participate in routine compliance and control monitoring.
  • Capability Development: Assist in the creation of new monitoring capabilities as controls evolve.
  • Policy Management: Support development, maintenance, and management of security policies in accordance with the Directives and Instructions.
  • Data Response: Respond to data calls for endpoint client information.

13. Information Systems Security Engineer Job Summary

  • Documentation Support: Assist in preparing, providing direction on, and reviewing relevant documentation, including System Security Plans (SSPs), Standard Operating Procedures (SOPs), Risk Assessment Reports, Remediation Plans, Plans of Action and Milestones (POA&Ms), Assessment and Authorization (A&A) packages, and System Requirements Traceability Matrices (SRTMs).
  • Accreditation Support: Support information security accreditation activities in compliance with applicable federal government policies and procedures.
  • Risk Assessment: Perform vulnerability and risk assessment analysis to support continuous monitoring and security control testing.
  • Product Installation: Perform installation and processing of new security products and procedures.
  • Security Monitoring: Monitor networks and systems for security breaches and intrusions.
  • Software Configuration: Assist in configuring monitoring software that helps notify the team of security events and irregular system behavior.
  • Vulnerability Scanning: Conduct periodic scans of networks and systems to identify vulnerabilities.
  • Mitigation Support: Assist the IT team in determining mitigation techniques.
  • Incident Response: Perform incident response activities to minimize impact.
  • Team Collaboration: Work closely with system engineers, government security team, and leadership to ensure security design, compliance, and schedule adherence.

14. Information Systems Security Engineer Responsibilities

  • Security Tools Deployment: Evaluate, integrate, and deploy security tools, including Zero-Trust Security, Identity and Access Management, Endpoint Detection and Response, and Security Information and Event Management.
  • Monitoring Tools Deployment: Evaluate, integrate, and deploy monitoring tools for Cloud and IT services.
  • Log Analysis: Review system and security logs, create rules and automations to correlate events and incidents, and build analysis reports for critical events.
  • Audit Compliance: Ensure internal and external compliance audits are completed, and carry out due diligence and remediation actions according to schedule.
  • Patch Management: Collaborate with SREs and IT Support to test and deploy patches for security vulnerabilities.
  • Vulnerability Management: Work with CREST-certified VA/PT providers to ensure all assets are scanned, vulnerabilities tracked, and remediated.
  • Service Uptime: Maintain 99.9% uptime for Telephony, RADIUS, and DNS services.
  • Engineering Solutions: Design and deploy engineering solutions to provide monitoring and alerting, security lifecycle management, patching and integration testing, infrastructure orchestration, systems automation, and incident management.
  • Infrastructure Security: Improve the security, design, and reliability of the infrastructure.
  • Documentation Maintenance: Maintain accurate and current systems documentation.
  • Deadline Management: Accept and meet challenging deadlines.

15. Information Systems Security Engineer Details

  • Engineering Support: Provide engineering support for all primary systems, including network-based intrusion detection and prevention systems.
  • Vulnerability Scanning: Maintain, update, and conduct routine vulnerability scanning across all Sponsor networks.
  • Patching and Hardening: Oversee patching, hardening, and baselining activities across all Sponsor networks, ensuring stakeholder compliance with requirements.
  • Logging and Auditing: Maintain, update, configure, and ensure the successful deployment of logging and auditing tools across Sponsor networks.
  • Configuration Management: Maintain system baselines and configuration management items, including security event monitoring policies.
  • Stakeholder Collaboration: Collaborate with stakeholders to ensure complete and functioning systems that meet all requirements.
  • Network Defense: Ensure all network defense capabilities are current, patched, securely configured, and properly reported to management.
  • Data Flow Analysis: Analyze data flows into, out of, and across Sponsor networks to identify and resolve security gaps.
  • Penetration Testing: Perform limited penetration testing of targeted networks.
  • Proof-of-Concept Testing: Conduct proof-of-concept testing for new security solutions.
  • Product Integration: Design, test, and integrate new security products.
  • Beta Testing: Beta test new capabilities and conduct software testing, including patches and updates.
  • Documentation Management: Maintain a comprehensive library of documentation, including network diagrams for cyber defense capabilities and sensors, and ensure documentation is available to authorized personnel with appropriate need-to-know.

16. Information Systems Security Engineer Duties

  • Cybersecurity Engineering: Engineer cybersecurity solutions in support of multiple government sponsors.
  • Security Assessment: Perform and review technical security assessments of computing environments to identify vulnerabilities and non-compliance with cybersecurity standards and regulations, and recommend mitigation strategies.
  • Solution Design: Design and develop security solutions for new or existing operational environments.
  • Secure Design: Ensure system designs incorporate cybersecurity vulnerability solutions.
  • Infrastructure Support: Support and maintain existing Windows and Linux desktop and server infrastructure.
  • System Deployment: Deploy new desktops and servers.
  • System Maintenance: Support, maintain, and update computer systems.
  • Regulatory Compliance: Assist the FSO and CPSO in compliance with 32 CFR Part 117, NISPOM, and DoD 5205.07 volumes 1-4.
  • Standards Compliance: Participate in efforts to achieve and maintain compliance with NIST-800-171, DFARS Clause 252.204-7012, and CMMC.
  • COMSEC Support: Assist with the maintenance of COMSEC equipment.
  • Ownership: Accept ownership of and responsibility for responding to new and varied requests.
  • Process Improvement: Actively engage in continuous improvement initiatives.
  • Staff Supervision: Supervise student interns and other IT staff.

17. Information Systems Security Engineer Roles and Details

  • Subject Matter Expertise: Provide subject matter expertise and consult on or troubleshoot security-related matters for enterprise information systems, network architectures, system access problems, and implementation of security policies and procedures.
  • Access Protection: Ensure secure access and protect against unauthorized access, modification, or destruction of systems or data.
  • Security Integration: Work with a variety of security concepts, practices, and procedures, emphasizing the integration of security requirements and practices into the systems engineering process and the software development lifecycle.
  • Security Principles: Understand information security principles and practices with creativity and latitude.
  • System Integrity: Manage and maintain the security integrity of all IT systems and network architectures.
  • Secure Operations: Ensure systems are securely operated, maintained, and disposed of in accordance with federal government security policies and security plans.
  • Plan Development: Develop and maintain security plans and associated documentation.
  • Authorization Management: Ensure system users have the correct authorizations and privileges to perform their jobs and understand their security responsibilities.
  • User Training: Provide training to system users on preferred security practices.
  • Risk Assessment: Author risk assessments and support certification and accreditation activities.

18. Information Systems Security Engineer Responsibilities and Key Tasks

  • System Reviews: Participate in system reviews for custom, COTS, and GOTS software and hardware, and in-house software development, and provide recommendations for securing systems and software.
  • Risk Assessment: Understand system security vulnerabilities and associated threats and assess overall system security risks.
  • Risk Mitigation: Provide mitigation recommendations to reduce identified security risks.
  • Vulnerability Scanning: Perform application, database, and system vulnerability scanning using approved software tools.
  • System Management: Understand software installations, system monitoring, troubleshooting, account management, and efforts to minimize downtime.
  • Application Administration: Support the administration staff in managing security-relevant applications such as IDS/IPS and log manager, and associated accounts.
  • Incident Response: Assist in IT security incident response and documentation.
  • Security Reviews: Perform regularly scheduled security reviews covering technology, operations, and personnel.
  • Product Support: Support IT architects and system engineers in the product development process.
  • Solution Analysis: Review and analyze technical security solutions.

19. Information Systems Security Engineer Duties and Roles

  • ISSE Role: Serve as an Information Systems Security Engineer (ISSE) for a national program, consulting on the development, integration, and configuration of information systems.
  • Security Documentation: Apply extensive technical expertise in developing system security documentation and implement program security plans, policies, and procedures to ensure compliance with company and government requirements.
  • Stakeholder Coordination: Coordinate security-related activities with government security stakeholders, Information System Owners (ISOs), Information System Security Officers (ISSOs), Information System Security Managers (ISSMs), and Common Control Providers (CCPs).
  • RMF Leadership: Lead Risk Management Framework (RMF) Assessment and Authorization (A&A) efforts, including POA&M mitigation, Continuous Monitoring, and interfacing with government counterparts.
  • Policy Development: Develop and update information security policy documentation to align with best practices and the current operating environment.
  • Requirements Management: Apply best practices and processes to capture, refine, and prioritize requirements based on risk, engineering principles, and mission needs.
  • Architecture Collaboration: Collaborate with developers and engineers to provide enhanced security architectures, development tools, and information systems that enable secure missions.
  • Security Architecture: Develop, configure, maintain, and monitor system security architectures, identify vulnerabilities, and recommend mitigation strategies.
  • System Compliance: Participate in the design, development, and implementation of information systems to ensure compliance with required security features and safeguards.
  • Vulnerability Management: Evaluate vulnerability and compliance scan results and collaborate with developers and administrators to mitigate or eliminate findings.
  • A&A Documentation: Generate Assessment and Authorization (A&A) documentation and artifacts (e.g., System Security Plans, Network Interface Planning Documents) for import and upload into the Xacta tool.

20. Information Systems Security Engineer Roles and Responsibilities

  • System Categorization: Propose system categorizations based on the types of information processed in collaboration with DAO Representatives and ISOs.
  • Control Coordination: Coordinate with Security Control Assessors (SCAs) during the engineering design phase to ensure proper application of security controls, tradeoffs, and decisions.
  • Systems View: Maintain a comprehensive systems view while addressing stakeholder security risks and ensuring information integrity through systems engineering practices.
  • Threat Integration: Incorporate threat and vulnerability data into information security decisions.
  • Requirements Input: Provide input to requirements, engineering, and risk trade space analyses to achieve cost-effective, secure architectural designs.
  • Team Mentorship: Promote team development by mentoring junior members and participating in key project activities.
  • Project Management: Develop detailed project schedules and manage team activities to achieve delivery milestones.
  • Work Schedule: Maintain a regular and predictable work schedule.
  • Cross-Department Collaboration: Establish and maintain effective working relationships across departments, Strategic Business Units, Strategic Capabilities Units, and the company.
  • Professional Interaction: Interact professionally with others to maintain a positive and productive work environment.