Information System Security Engineer (ISSE)

About The Position

Requirements

• Demonstrated experience with application security standards, processes, and best practices.
• Hands-on experience with Accreditation & Authorization (A&A) activities, including documentation, POAM development, tracking, and remediation.
• Knowledge of application and data security requirements supporting Authority to Develop (ATD) and Authority to Operate (ATO) processes, including encryption, monitoring, auditing, reporting, and role-based access controls.
• Experience leading or supporting automated security testing, including vulnerability scanning and report delivery.
• Proven ability to partner with engineering teams to translate, implement, and validate security requirements.
• Experience supporting IA documentation such as System Security Plans (SSPs) and AIS Plans.
• Familiarity working within Agile/Scrum development environments.

Responsibilities

• Serve as the lead for automated security testing, leveraging the Sponsor’s enterprise scanning tools.
• Create and deliver Monthly Vulnerability Scans, ensuring accuracy, completeness, and timely submission.
• Prepare and deliver Monthly Privileged Users and Administrator Reports, validating access and ensuring compliance.
• Act as the overall lead for ensuring system security, protecting sensitive data and enforcing strict need-to-know principles.
• Collaborate with technical teams to develop, update, and track Plan of Action and Milestones (POAMs).
• Support the Program Manager (PM) in developing and maintaining the Contract Security Plan.
• Coordinate with the PM, the Sponsor’s Information System Security Manager (ISSM), and the INFOSEC Program Council as required.
• Author, update, and maintain the program’s System Security Plan (SSP) to support the Accreditation & Authorization (A&A) process.
• Develop and deliver required security education, training, and awareness materials to the Sponsor.
• Author and maintain the program’s Automated Information Systems (AIS) Plan.