Information System Security Engineer III

About The Position

Requirements

• Bachelor's degree in science, Technology, Engineering, Mathematics, IT, or business-related programs
• 6+ years of experience in Information System Security practices and applying the RMF to complex IT systems
• 3+ years’ experience supporting DoD or federal programs is highly desirable
• Experience with RMF (NIST 800-53), ATO packages, POA&M development, and system categorization is required
• Baseline and Full Computing Environment Certifications for IAT-II IAW DoD 8570.01-M (Security+ certification) desired
• Cybersecurity certifications like CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) are required
• Must have an active Secret clearance with the ability to obtain TS with SCI eligibility
• Experience with eMASS is critical
• Deep understanding of cybersecurity frameworks, documentation, and technical validation processes, working closely with stakeholders and control assessors to ensure security and compliance.
• Experience with IA vulnerability testing and related network and system test tools
• Experience with Splunk
• Experience with cloud platforms like Amazon Web Services (AWS), Microsoft Azure, etc., and migrating customers/projects to the cloud
• Experience working in a Unix/Linux environment
• Experience working in cloud infrastructures
• Must have high proficiency in the Microsoft Office suite and possess advanced skills and knowledge in programs like Word, Excel, PowerPoint, and Outlook
• Must have an understanding of cloud technologies (e.g., AWS, Azure, GCP, Oracle) and hybrid cloud environments
• Agile Scrum Certifications desired
• Experience developing and documenting system security requirements and conducting requirements gap analysis.
• Experience with network technologies and the ability to demonstrate knowledge of network protocols, communications systems, and architectures.
• Strong creative and visual storytelling skills with an eye for design, usability, and user experience.
• Use expert knowledge of data visualization tools to deliver information that allows client users to quickly understand data, ask better questions, and take action.
• Possess knowledge and experience with data analysis and data technical expertise in data management, engineering, and science.
• Skillful time management and organizational skills to set and meet deadlines.
• Ability to work both independently and within a team.
• Ability to work effectively in a team environment to encourage collaboration, innovation, and continuous improvement.
• Ability to meet minimum clearance requirements.
• Ability to work nights, weekends, and holidays as required.
• Ability to travel up to 10%.

Responsibilities

• Act as mid-level technical lead for RMF activities, developing and maintaining security documentation, coordinating with AOs/AODRs, and ensuring compliance with cybersecurity policies and regulatory frameworks.
• Assist senior technical lead with managing risk, securing IT systems, and implementing security controls to protect sensitive data.
• Shall assist in the development and maintenance of the Risk Management Framework (RMF) documentation and reports to achieve and maintain compliance with cybersecurity regulations and optimize current processes to streamline the approval process across the AMC Enterprise Mission Assurance Support System (eMASS) Portfolio for HQ and Enterprise records.
• Implement a Continuous Monitoring Strategy with automation to keep packages current
• Work with leadership, auditors, and IT teams to maintain security and respond to threats.
• Work in all steps of the RMF process with system owners, ISSO, and ISSMs, and validate adequate security controls are in place to enable sound risk management decisions by the AO.
• Ensure security requirements are addressed in all phases of the development of the lifecycle (SDLC).
• Participate in network design reviews and security testing for the customer’s networks.
• Provide A&A and RMF guidance to system owners to ensure accreditation success.
• Deep understanding of cybersecurity frameworks, documentation, and technical validation processes, working closely with stakeholders and control assessors to ensure security and compliance.
• Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
• Track timely and high-quality completion of process tasks and milestones and report on the status of key milestones to performers and senior stakeholders.
• Oversee the cybersecurity lifecycle from inception to completion.
• Develop, review, and update documentation to ensure compliance with RMF and Continuous Monitoring requirements.
• Maintain and update security documentation (SSPs, POA&Ms, etc.).
• Assists with the preparation of test plans and conducts security control testing IAW with NIST SP800-53.
• Other duties as assigned.