Information System Security Engineer IV

About The Position

Requirements

• Bachelor's degree in science, Technology, Engineering, Mathematics, IT, or business-related programs
• 8+ years of experience in Information System Security practices and applying the RMF to complex IT systems
• 5+ years’ experience supporting DoD or federal programs is highly desirable
• Experience with RMF (NIST 800-53), ATO packages, POA&M development, and system categorization is required
• Baseline and Full Computing Environment Certifications for IAT-II IAW DoD 8570.01-M (Security+ certification) desired
• Cybersecurity certifications like CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) are required
• Must have an active Secret clearance with the ability to obtain TS with SCI eligibility
• Experience with eMASS is critical
• Deep understanding of cybersecurity frameworks, documentation, and technical validation processes, working closely with stakeholders and control assessors to ensure security and compliance.
• Experience with IA vulnerability testing and related network and system test tools
• Experience with Splunk
• Experience with cloud platforms like Amazon Web Services (AWS), Microsoft Azure, etc., and migrating customers/projects to the cloud
• Experience working in a Unix/Linux environment
• Experience working in cloud infrastructures
• Must have high proficiency in the Microsoft Office suite and possess advanced skills and knowledge in programs like Word, Excel, PowerPoint, and Outlook
• Must have an understanding of cloud technologies (e.g., AWS, Azure, GCP, Oracle) and hybrid cloud environments
• Agile Scrum Certifications desired
• Experience developing and documenting system security requirements and conducting requirements gap analysis.
• Experience with network technologies and the ability to demonstrate knowledge of network protocols, communications systems, and architectures.
• Strong creative and visual storytelling skills with an eye for design, usability, and user experience.
• Use expert knowledge of data visualization tools to deliver information that allows client users to quickly understand data, ask better questions, and take action.
• Possess knowledge and experience with data analysis and data technical expertise in data management, engineering, and science.
• Skillful time management and organizational skills to set and meet deadlines.
• Ability to work both independently and within a team.
• Ability to work effectively in a team environment to encourage collaboration, innovation, and continuous improvement.
• Ability to meet minimum clearance requirements.
• Ability to work nights, weekends, and holidays as required.
• Ability to travel up to 10%.

Responsibilities

• Act as a senior technical lead for RMF activities, developing and maintaining security documentation, coordinating with AOs/AODRs, and ensuring compliance with cybersecurity policies and regulatory frameworks.
• Manage risk, secure IT systems, and implement security controls to protect sensitive data.
• Shall assist in the development and maintenance of the Risk Management Framework (RMF) documentation and reports to achieve and maintain compliance with cybersecurity regulations and optimize current processes to streamline the approval process across the AMC Enterprise Mission Assurance Support System (eMASS) Portfolio for HQ and Enterprise records.
• Implement a Continuous Monitoring Strategy with automation to keep packages current
• Work with leadership, auditors, and IT teams to maintain security and respond to threats.
• Work in all steps of the RMF process with system owners, ISSO, and ISSMs, andvalidate adequate security controls are in place to enable sound risk management decisions by the AO.
• Develop, implement, and enforce cybersecurity policies and procedures in accordance with regulatory frameworks. Manage all aspects of cybersecurity for systems maintained on-site.
• Brief senior management on all aspects of security engineering.
• Lead and support frequent interaction with government customers.
• Ensure security requirements are addressed in all phases of the system development lifecycle (SDLC).
• Participate in network design reviews and security testing for the customer’s networks.
• Coordinate with system development teams to ensure network security standards are being followed and implemented correctly.
• Identify additional security requirements, based on RMF or as a result of security issues that put the customer’s systems at risk.
• Review and analyze new systems (hardware and software) and provide recommendations concerning their security.
• Provide A&A and RMF guidance to system owners to ensure accreditation success.
• Provide insight and recommendations leading up to and during the customer's information assurance readiness review process.
• Oversee the cybersecurity lifecycle from inception to completion.
• Develop, review, and update documentation to ensure compliance with RMF and Continuous Monitoring requirements.
• Maintain and update security documentation (SSPs, POA&Ms, etc.).
• Assists with the preparation of test plans and conducts security control testing IAW with NIST SP800-53.
• Direct and oversee daily activities of team members, ensuring tasks are completed accurately, efficiently, and in alignment with contract goals.
• Other duties as assigned.