Information System Security Engineer (ISSE)

About The Position

Requirements

• 3 or more years of experience supporting cybersecurity engineering, information assurance, RMF, systems security, or related technical activities.
• At least 2 years of experience supporting RMF Assessment and Authorization activities.
• Experience documenting RMF requirements and supporting RMF package development, review, and submission.
• Experience supporting RMF testing, security control assessment, and analysis needed to complete authorization documentation.
• Experience performing vulnerability risk analysis on deficiencies identified during RMF testing or security assessments.
• Experience with IA tools and vulnerability scanners used to evaluate the security posture of systems or enclaves.
• Experience supporting POA&M development, tracking, remediation, and closure activities.
• Experience with eMASS or similar tools used to document RMF status, artifacts, findings, and workflows.
• Knowledge of DoD and Navy RMF requirements, cybersecurity policy, and security control implementation.
• Ability to provide RMF authorization experience details, including the total number of RMF authorizations supported, as required.
• Ability to communicate cybersecurity risks, findings, and status clearly to technical teams, program stakeholders, and leadership.
• Current or ability to obtain one of the following certifications within two weeks of the start date: Certified Chief Information Security Officer (CCISO), Certified Cloud Security Professional (CCSP), Certified in Governance Risk and Compliance (CGRC), Certified Information Systems Security Officer (CISSO-A), CompTIA Cloud+, CompTIA Security+, CompTIA SecurityX (formerly CASP+), GIAC Cloud Security Automation (GCSA), GIAC Continuous Monitoring Certification (GMON), GIAC Security Essentials Certification (GSEC), Systems Security Certified Practitioner (SSCP).
• Current or ability to obtain a Department of Defense (DoD) Secret Clearance is required.
• To obtain a security clearance, you must be a U.S. citizen and meet the 13 adjudicative guidelines.

Nice To Haves

• Experience supporting Department of the Navy or other DoD cybersecurity environments.
• Experience using and complying with the Navy RMF Process Guide and applicable RMF business rules.
• Experience concurrently supporting multiple RMF packages.
• Experience supporting cybersecurity testing during system sustainment, annual reviews, or authorization renewals.
• Experience working with ISSOs, ISSMs, Security Control Assessors, Authorizing Officials, system owners, and program management teams.

Responsibilities

• Develop and maintain cybersecurity solutions for assigned systems, programs, or enclaves.
• Identify system authorization requirements, including Authorizing Official and Security Control Assessor cognizance, reciprocity considerations, cross-domain requirements, and applicable overlays.
• Identify, tailor, and document the security control baseline based on system categorization and applicable requirements.
• Develop, maintain, and track System Security Plans and related RMF artifacts.
• Lead or support security control implementation and testing activities.
• Plan and perform cybersecurity testing to assess security controls and document compliance status.
• Execute approved Security Assessment Plans and support testing required for Assessment and Authorization or annual reviews.
• Perform vulnerability-level risk analysis on deficiencies identified during RMF testing.
• Support POA&M and Corrective Action Plan development, tracking, mitigation, and closure.
• Ensure vulnerabilities are traceable from raw assessment results to POA&M entries.
• Ensure eMASS records, POA&M entries, and RMF artifacts are accurate and consistent with implementation results.
• Support preparation of Security Assessment Reports, executive summaries, and related assessment documentation.
• Use eMASS workflow and collaboration functions to support formal coordination during the RMF process.
• Document requested rework and provide updates to program management, cybersecurity leadership, and system stakeholders.
• Participate in the system engineering process to ensure cybersecurity requirements, design considerations, and testing needs are addressed throughout the system lifecycle.
• Perform other related duties as assigned to support evolving customer and company needs.

Benefits

• Competitive salary and discretionary bonuses.
• Comprehensive health benefits, including medical, dental, and vision insurance.
• Flexible Paid Time Off (PTO) and holidays to help you maintain a healthy work-life balance.
• Opportunities for professional development and continued learning.
• 401(k) retirement plan with company match.
• Employee recognition programs and company events.