Expert Security Engineer

Amentum•Springfield, VA

9d•$185,000 - $200,000•Onsite

About The Position

As the Security Subject Matter Expert, you will serve as the critical bridge between high-level security policies and their technical implementation, driving the Risk Management Framework (RMF) and Assessment & Authorization (A&A) lifecycle across multiple applications. Your primary purpose is to ensure that system designs inherently meet rigorous security objectives by evaluating IT architectures, guiding development teams, and enforcing compliance with NIST SP 800-53 and enterprise standards from concept to deployment. In this role, your work directly safeguards mission-critical systems and reduces organizational risk. By proactively identifying, tracking, and mitigating vulnerabilities through continuous monitoring, STIG enforcement, and POA&M management, you ensure the resilience of enterprise capabilities. Your leadership in disaster recovery planning and IAVA compliance empowers engineers and developers to securely deliver operations, ultimately protecting the integrity and availability of our technological infrastructure.

Requirements

Skills & Tasks: Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies.
Serve as the security subject matter expert (SME) and will manage the execution of systems security activities for multiple applications.
Job Duties: Provide guidance to teams on the A&A Process to include: related security documentation such as systems concept of operations, system security design, implementation plans, operational procedures, and maintenance training materials; System Security Plan (SSP); System Test Plan.
Provide support to development teams for mitigation and management of Plan of action and Milestones (POA&Ms)
Conducts assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
Provide engineering support and assistance to authorization/accreditation test and evaluation activities
Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
Conduct and review security scans
Track and mitigate customer system vulnerabilities
Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
Ensure STIG compliance and mitigation
Provide continuous monitoring support for information systems
Assist with running vulnerability scans on various applications and provide recommendations for compliance
Security Clearance Required: TS/SCI w/Poly
Minimum Education: Bachelor's degree plus 10 years experience, Associates degree plus 12 years experience, or a minimum of 14 years of experience, in a related field
Minimum Years of Experience: See Minimum Education

Nice To Haves

AI if applicable to your program
XACTA 360 experience
Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification
Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF
Extensive experience with Plan of Action Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
Experience with a variety of systems (e.g. desktop, cloud, etc.)
Knowledge of Enterprise Security Best Practices (IAW NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)
Applicable software/ hardware/management training & certification (e.g.; specialties like Amazon Web Service architect/engineering, ServiceNow/Service+)

Responsibilities

Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans.
Serve as the security subject matter expert (SME) and will manage the execution of systems security activities for multiple applications.
Provide guidance to teams on the A&A Process to include: related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials.
Provide support to development teams for mitigation and management of Plan of action and Milestones (POA&Ms)
Conducts assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
Provide engineering support and assistance to authorization/accreditation test and evaluation activities
Conduct IT Disaster Recovery exercises and maintain all associated documentation
Management of software in use and updates as required
Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
Conduct and review security scans
Track and mitigate customer system vulnerabilities
Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
Ensure STIG compliance and mitigation
Ensure and maintain integration compliance with enterprise services
Provide continuous monitoring support for information systems
Assist with running vulnerability scans on various applications and provide recommendations for compliance
Ability to work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring.