SAP NS2 - Cloud Information System Security Engineer (ISSE) (167152)

SAP NS2® Cloud Information System Security Engineer (ISSE)

Location: Herndon, VA, US
Ref-Code: 167152
Work Area: Information Technology
Expected Travel: 0 – 10%
Career Status: Professional
Employment Type: Regular Full Time


SAP is the global market leader for business software and related services, and SAP National Security Services, Inc. (SAP NS2®) is an independent U.S. subsidiary, offering SAP solutions with specialized levels of security and support to meet the requirements of U.S. national security and critical infrastructure customers.


The Security Team Engineer will be responsible for the Enterprise Security Management, maintenance, and architecture of the IT Security Infrastructure for Public-Sector SaaS/IaaS Cloud-Computing platforms. Including the installation, configuration, upgrade, patching, maintenance & monitoring, DDoS mitigation, intrusion prevention and detection lifecycles.

All Security Team participants will ensure proper configuration of all Firewall’s, IDS/IPS, Identity Management, SIEM  and Security Forensics landscapes, including, but not limited to Cisco Sourcefire/HP TippingPoint or relevant enterprise IDS/IPS experience, Splunk, TippingPoint, Tripwire, Encryption and Monitoring Tools to support the requirements of FedRAMP compliant cloud.

This role serves as a “hands-on” technical staff person who provides technical cyber and information security architecture expertise and guidance to team members and collaborates with other IT teams to address and resolve security issues.


  • Expert & Consultation: Functions as a consultant to other Infrastructure groups as an Infrastructure Cyber Security expert.
  • Forecasts system capacity needs, prioritizes work based on departmental priorities and system criticality, functions as an inter/intra-group liaison, performs complex analysis, proactively identifies problems and makes recommendations regarding solutions, and maintains responsibility for end-user (customer) satisfaction.
  • Proactively monitor, test, collect and analyze system performance statistical data to improve quality & ensure optimal performance of all Storage environments.
  • Create and maintain documentation as it relates to infrastructure systems, design, configuration, support and processes.
  • Diagnose and resolve complex configuration and bottleneck issues within a complex application & systems infrastructure.
  • Provide 24×7 L4/L5 escalation support for all Security Infrastructure platforms on a rotational basis.
  • Maintains reports on Security Systems utilization, availability and growth patterns.
  • Experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
  • Plans, and performs comprehensive systems analysis and design activities including development of detailed functional requirements for new information technology systems, applications or software
  • Provides the in-depth knowledge of leading edge security tools and techniques for mitigating system vulnerabilities
  • Responsible for designing and deploying HIDS, NIDS and various related security tool sets
  • Responsible for deploying and managing a network and security operations command center to include operation of firewalls, Intrusion Detection Systems, and 24×7 monitoring of these networks
  • Reviews legislative documents for regulatory changes, customer requests, requirements and proposals for system development and/or changes, computes and estimates resources needed to prepare and manage Service Level Agreements (SLA)
  • Serves as an expert and consultant to higher management officials and executive level management within and outside the organization to provide advice on integrating information security technology programs and functions to meet the needs of the Cloud
  • Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks (not all required)
  • Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.
  • Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
  • Experience in assessing, configuring, and testing security applications and systems, such as Cisco Sourcefire firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
  • Demonstrated leadership ability.
  • Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
  • Conduct research, cost-benefit and return-on-investment analysis on proposed hardware, software and systems to justify recommendations, support purchasing efforts and in making infrastructure design and architecture decisions.
  • Investigation of failures to find the root cause and drive resolution.
  • Maintains proper documentation of all activities.
  • Promotes teamwork which includes but not limited to, encouraging others participation in problem resolution and project oriented tasks.
  • Responsible for Security-related and maintainability audit of all new environments or environmental updates
  • Ensures lower-level engineers receive appropriate direction and training
  • Skill in preparing and making written and oral presentations of complex technical and program management information to all levels involved


  • Must be Dept. of Defense Directive 8570.1 compliant (CISSP or equivalent certification for acceptance)
  • BA/BS in Computer Science, Information Technology, Business, or any other field or equivalent experience in Information Security, Information Technology, or related technical discipline
  • Strong organizational skills and prior experience in a similar role as Engineer, Lead or Architect
  • Proficient level UNIX computer skills; Basic Scripting: Perl, Python, Shell
  • Infrastructure and Orchestration/Automation Experience preferred: Tripwire, IDS and IPS sensor tuning
  • Must possess at least two professional industry certifications in area of expertise.
    • These could be CISSP
    • AWS Certificate
    • Cloud Security Certification
    • Vendor certification (CCNA, etc)
  • Mastery of Encryption Mechanisms/Techniques and state-of-art applications; Security Controls; Network Intrusion Detection; Configuration Management; Firewall Management; System Security Configurations; Patch management; and Network Infrastructure Security
  • Ability to meet stringent deadlines; handle multiple tasks
  • U.S. citizenship is required
  • All internals must have manager’s approval to transfer