Information System Security Engineer (ISSE)

Cinteot•Fort Meade, MD

21h

About The Position

This position is for an Information Systems Security Engineer (ISSE) responsible for guiding sub-projects through the Risk Management Framework (RMF) accreditation lifecycle and ensuring compliance with security policies. The role involves conducting periodic system security scans, validating security requirements, and analyzing system designs. A key aspect is performing technical security assessments to identify vulnerabilities in computing environments and recommending mitigation strategies to meet Information Assurance (IA) standards. The ISSE will also be involved in reviewing network infrastructure, assessing secure communication methods, and applying various security frameworks. This role requires participation in security engineering teams for the design and integration of secure networking and computing environments, supporting the Government in establishing trusted relationships between systems, and applying IA policy knowledge to implement secure solutions. Furthermore, the ISSE will contribute to security planning, risk analysis, and management, and define security requirements for handling Government data.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, or related field.
Must hold and maintain an appropriate DoD 8140.03 / 8570.01-M certification baseline for this labor category (e.g., Security+, CISSP, CISM, or equivalent as required).
At least 7 years of experience in cybersecurity engineering, RMF/DIACAP accreditation, and compliance documentation in DoD environments.
Expertise in the application of DISA STIGs/SRGs, ACAS/HBSS vulnerability analysis, and eMASS package preparation.
Strong written and verbal communication skills, with demonstrated experience producing accreditation documentation and presenting risk findings to senior stakeholders.
Active Top Secret / SCI clearance.

Nice To Haves

Master’s degree in Cybersecurity or related discipline.
Experience supporting DISA programs and preparing for CCRI inspections.
Advanced certifications such as CISSP-ISSAP or CISM.

Responsibilities

Facilitate sub-projects as they go through the Risk Management Framework (RMF) accreditation life cycle.
Support the periodic system security scans as required by policy and the RMF.
Validate and verify system security requirement definitions and analyze system security designs.
Perform technical security assessments of computing environments to identify points of vulnerability, and then recommend mitigation strategies for those that do not comply with established Information Assurance (IA) standards.
Experience manually reviewing network diagrams, network device configurations, termination points for VPNs, and a working knowledge of software TLS security.
Able to maintain a flexible and non-traditional RMF review of secure networks to assess and prescribe countermeasures for secure communications e.g. analog radio, mobile cellular, remote kits, software/hardware-based VPN solutions and VDI technologies.
Familiar with applying different standards and security frameworks to include CIS benchmarks, FIPS 140-2, DISA Stigs, CNSA cryptographic suite compliance, etc.
Participated as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking, computing, and enclave environments.
Participated as a security engineering representative on engineering teams for the design, development, implementation and/or integration of IA architectures, systems, or system components.
Supported the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.
Applied knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
Supported security planning, assessment, risk analysis, and risk management.
Identified overall security requirements for the proper handling of Government data.