Information System Security Engineer (ISSE) II

About The Position

Requirements

• 3+ years of experience in information security engineering, system assessment, or related field, including experience in:
• Documenting RMF A&A requirements (U.S. Navy RMF process preferred).
• Performing RMF testing of all CS requirements and analysis needed to complete an RMF package for submittal and approval.
• Conducting vulnerability risk analysis and documenting deficiencies found during RMF testing.
• Using IA tools and scanners to evaluate the security posture of the system/enclave.
• Managing documentation within eMASS.
• Working knowledge of the RMF and A&A processes.
• Strong understanding of federal security standards, including FISMA, FIPS, and NIST Special Publications.
• Proficiency in vulnerability management processes, security control implementation, and audit preparation.
• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills for preparing documentation and collaborating with cross-functional teams.
• Attention to detail and accuracy.
• Ability to work independently as well as in a collaborative team environment.
• Flexibility to adapt to changing priorities while supporting both team members and client requirements.
• Must hold one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Governance, Risk, and Compliance (CGRC), GIAC Security Leadership (GSLC), CompTIA Advanced Security Practitioner (CASP+), Certified Chief Information Security Officer (C-CISO).
• Current or ability to obtain a Department of Defense (DoD) Secret Clearance is required.
• To obtain a security clearance, you must be a U.S. citizen and meet the 13 adjudicative guidelines.

Nice To Haves

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field.
• Understanding of the U.S. Navy RMF Process Guide.

Responsibilities

• Oversee the development and maintenance of a system’s cybersecurity solutions.
• Identify Authorizing Official (AO) and Security Control Assessor (SCA) cognizance of the system, as well as any specific authorization requirements such as reciprocity, cross-domain, and applicable overlays to support system categorization
• Identify and tailor the security control baseline with applicable overlays.
• Assist with the development, maintenance, and tracking of the System Security Plan (SP).
• Lead the security control implementation and testing efforts.
• Perform vulnerability-level risk assessment on the Plan of Action and Milestones (POA&M) or Corrective Action Plan (CAP).
• Execute security testing required as part of Assessment & Authorization (A&A) or annual reviews.
• Ensure the mitigation and closure of open vulnerabilities under the system’s change control process.
• Plan and perform cybersecurity testing to assess security controls and record security control compliance status during sustainment.
• Oversee cybersecurity testing to assess security controls and record security control compliance status during the continuous monitoring phase of the lifecycle.
• Ensure data entered in the Enterprise Mission Assurance Support Services (eMASS) record and POA&M is consistent with implementation results.
• Utilize the Collaboration Board in the eMASS for all formal coordination during the RMF process; post detailed findings in the Artifacts tab as required.
• Document and provide all requested rework to the Program Security Office (PSO) or Program Management Office (PMO) for review.
• Participate in the system engineering process to ensure the system's security and cybersecurity requirements, design, and testing are addressed throughout the system lifecycle.
• Carry out other related duties as assigned, demonstrating flexibility and adaptability in meeting evolving client and company needs.

Benefits

• Competitive salary and discretionary bonuses.
• Comprehensive health benefits, including medical, dental, and vision insurance.
• Flexible Paid Time Off (PTO) and holidays to help you maintain a healthy work-life balance.
• Opportunities for professional development and continued learning.
• Hybrid/remote work arrangement with flexible hours.
• 401(k) retirement plan with company match.
• Employee recognition programs and company events.