Information Systems Security Manager/Engineer

About The Position

Requirements

• Seven (7) years of experience supporting DoD or Air Force cybersecurity programs.
• Compliant with DoDI 8140 Intermediate Level Certifications (Security+, CySA, CAP, CASP CE, CISM, CISSP or Associate)
• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field.
• Strong knowledge of NIST RMF, DoD 8500-series, and DISA STIG compliance.
• Experience with SAST, SBOM tools, and secure software development practices.
• Experience supporting AF programs or Cloud One environments.
• Familiarity with CI/CD security integration and automated compliance tools.
• Must be able to satisfactorily obtain and maintain a government security clearance as required by the contract.
• Must be able to maintain ability to access government worksite.
• Must possess and maintain a valid state driver's license and a safe driving record, in accordance with company policy, to operate vehicles or equipment as required for the position.

Nice To Haves

• Advanced certification (e.g., CASP+, CCSP, or CISSP-ISSAP) preferred.

Responsibilities

• Serving as a subject matter expert in security architecture to include providing advice to Program Managers, Customer technical experts, and internal program teams.
• Ensure all products, deliverables, and activities align with Federal, CNSS, DoD, and AF cybersecurity policies, including: NIST SP 800-37, 800-53, 800-171 CNSSI 1253 DoD 8500-series and DoDI 8510.01 (RMF for DoD IT) AFI 17-series publications and DoD 8140 workforce requirements
• Integrate cybersecurity considerations into Continuous Integration/Continuous Deployment (CI/CD) methodologies and program management schedules.
• Identify, manage, verify, and trace security controls across the entire system lifecycle, ensuring alignment with Test & Evaluation (T&E) and overall risk management processes.
• Implement and document comprehensive cybersecurity assurance measures across all layers of the TCP/IP model (network, transport, application, data link, and physical).
• Develop and maintain RMF documentation and artifacts, including Security Plans, Vulnerability Assessments, and Test Results, to support system authorization.
• Ensure compliance with DoDI 8520.02 (PKI and PK Enabling) and DoDI 8520.03 (Identity Authentication), maintaining standardized encryption, digital signature, and authentication mechanisms.
• Deliver secure applications compliant with DISA STIGs and Cloud One cybersecurity requirements.
• Conduct static application security testing (SAST) using PMO-approved tools and maintain a Software Bill of Materials (SBOM) for each release (e.g., SPDX, CycloneDX, SWID).
• Apply secure coding standards (e.g., OWASP Top Ten, CERT) and ensure prompt remediation of vulnerabilities.
• Generate and provide cybersecurity testing reports, mapping findings to applicable STIG and Cloud One controls.
• Use automated tools and processes wherever practical, seeking PMO approval for any deviations.
• Perform other duties as assigned.

Benefits

• We offer a flexible benefits package including medical, dental, and vision plans, TRICARE Supplemental, critical illness coverage, employee discounts, wellness seminars, company-paid life and short-term disability insurance, optional long-term disability, paid leave, a 401(k) plan, and identity theft protection to support your health and financial well-being. For represented positions, the benefits and leave offered will be as defined under the applicable Collective Bargaining Agreement.